What You Must Learn From the Big Security Events of 2016

James Frew 30-12-2016

There is no denying that 2016 is widely regarded as a “bad year”, culturally and politically. But what of the security world — how did 2016 stack up? And what can we learn from the leaks, breaches, and surveillance increases?


Leak, After Leak, After Leak

While website hacks and data leaks have been a mainstay of our online lives for a number of years, 2016 was the year that everyone was forced to pay attention. Among the numerous casualties were cloud storage provider Dropbox and professional social network LinkedIn.

The Dropbox hack exposed 68 million accounts, with only half of all passwords being securely encrypted. LinkedIn managed to surpass this by losing 117 million credentials, or 73 percent of their userbase at the time. Despite this attack coming to light in May, Microsoft still acquired LinkedIn for $26.2 billion less than a month later. Continuing LinkedIn’s bad year, it looks as though their online learning site, Lynda, may have been compromised too.

Spotify suffered a mysterious and still unexplained leak in April, resulting in hundreds of accounts leaked on Pastebin. The phenomenally popular game Minecraft was next in line, but this time it wasn’t from the company itself. Instead, Minecraft fansite Lifeboat was attacked, exposing over 7 million accounts and the site’s poor security practices.

To be fair to Dropbox and LinkedIn the main bulk of their data appears to have come from attacks that happened in 2012. In the intervening years the respective companies have largely improved their security efforts. However, this is of little comfort to the millions of users whose personal information ended up online.

They Weren’t The Only Ones

U.K. internet provider TalkTalk was hacked by a 17-year-old, video sharing website Dailymotion lost 85.2 million usernames and email addresses, and San Francisco’s transport system was held ransom to the tune of 100 Bitcoins ($80,000).


Last year’s Ashley Madison leak was widely considered to be the worst adult website leak in history. The release of sexual preferences was particularly damaging as it was used as a tool for blackmail and reputation damage. Having found a useful way to exploit users, hackers attacked more adult websites, resulting in the Brazzers and AdultFriendFinder leaks.

These leaks in themselves are all fairly damaging if the attacker accesses the data inside the account. The problem is compounded as it became clear that many people still re-use login information across multiple sites. This culminated in incidents that looked like hacks but weren’t at high-profile sites like TeamViewer and Gmail.

It Happens to Us All

In a twist of irony, Twitter CEO Jack Dorsey’s Twitter account was hacked by the group OurMine. The group also managed to deface Facebook CEO Mark Zuckerberg’s Twitter and Pinterest accounts. Not content, they targeted other tech CEOs, including Google’s Sundar Pichai, Uber’s Travis Kalanick, and Spotify’s Daniel Ek. After you’ve finished smirking, you can take satisfaction that these high-powered tech CEOs fall prey to some of the same security mistakes as the rest of us.



The best advice is to start using a password manager. While offerings from LastPass and Dashlane are the most popular, there are plenty of open source alternatives. Once you have secured your passwords, you can enable two-factor authentication as an extra layer of security.

Yahoo’s Year Went From Terrible to Worse

While we are on the subject of data leaks, Yahoo had an astonishingly bad year. After failing to turn the ailing internet company around, Marissa Mayer finally took the decision to sell. Having found a prospective buyer in Verizon, Yahoo then went on to damage its own chances of a sale by admitting that 500 million accounts were leaked two years ago. Oh, and they had been allowing the NSA to have unfettered access to your account.

Because 500 million accounts and government spying weren’t shocking enough, Yahoo closed out the year reporting that a further billion accounts had been leaked. Go big or go home, right? If you are thinking now is the time to migrate away from Yahoo Mail, there are secure alternatives like ProtonMail.

Held Hostage by Malware

Viruses and malware have been a major headache for computer users the world over ever since we began connecting to the internet. Luckily, companies are getting better at catching and fixing security vulnerabilities so that the impact of any attack is much lower. Never ones to be left out, hackers have turned their attention to the comparatively weaker mobile operating systems like Android.


Two large exploits have been found on Android devices this year. Over the summer, details emerged of a vulnerability, known as Quadroot, in Qualcomm chipsets, which are widely used in Android devices. The exploit uses one of four vulnerabilities to gain root access to your device. While security patches have been released, the timely distribution of system updates is poor at best, leaving many devices still susceptible.

The second also aims to take root privilege of your device by installing malware, dubbed Gooligan. This is done either through a malicious link or a rogue app found on third-party marketplaces. This exploit only affects older versions of Android pre-Marshmallow 6.0, although that accounts for roughly 75 percent of all devices currently running Google’s OS.

The Rise of Ransomware

The most problematic malware has without a doubt been ransomware. Throughout the year the incidences of this incredibly vicious malware increased to previously unseen levels. Ransomware is a piece of software which will lock functionality on your device or even take your files and data hostage. Messages are shown on screen to prompt you into paying to unlock your machine and remove the software. Typically though, even if you do pay, the hackers will just make fraudulent charges on your card, and do nothing to remove the malware.



The attackers are also getting smarter with their distribution tactics. A new variation of the infamous Locky ransomware doesn’t require you to agree to install any software. Instead, it uses JavaScript to download and run an embedded file, infecting you with the pernicious malware. The San Francisco transport hack we mentioned earlier was a form of ransomware, allowing commuters to travel for free until the ransom was paid. This is likely to be a trend that will continue into 2017, with hackers using ransomware to hold cities, transport, and other infrastructure hostage for financial gain.

Your Privacy Was Further Eroded

It’s been no secret that we leave a lot of our personal data lying around in the digital world. Some of that comes from information we choose to post on social media, while some is gathered in the background without our input.

The most well-known data miner is Facebook. The social media giant has many different ways to capture information about you. It is then put to use either in their own products or sold to third parties. They are far from the only ones exposing your data all over the web though, as even fitness trackers are being used for less-than-virtuous reasons.

Our fitness trackers, wearable tech, and health apps generate a tremendous amount of useful data that advertisers and insurance companies would love to get their hands on. In most countries around the world the privacy of medical and health information is closely protected. However, the tech market is outpacing regulation, so your supposedly private data isn’t necessarily going to stay that way.

The Pokemon Go Debacle

Over the summer, the augmented reality game Pokemon Go became a surprise megahit, being downloaded more than 10 million times in the week following its release. However, a large debate raged in the first few days of release about the level of permissions the game required. When signing into the game on iOS you were forced to give the developers “full access” to your Google account, a privilege only really afforded to Google’s own apps. Fortunately, it was caused by a mistake in the way Niantic implemented the sign in mechanism.


The debate at least showed that users are beginning to understand the implications of handing over their personal data. Our smartphones tend to be a major source of data leakage, but luckily both Android and iOS have ways to tweak your settings to protect your privacy. Windows 10 has suffered quite a lot of criticism for its heavy data collection. Happily, there are ways to minimize what you are sending back to Redmond.

The Rise of Big Brother

Digital surveillance isn’t a new concept — China has been doing it for over a decade. With the Snowden leaks in 2013 we learnt about an invisible network of intelligence agencies around the world who were tracking our every move. As public outrage grew, it seemed that there was a chance that governments would backtrack and minimize their surveillance tactics.

This year we learnt that the opposite was to be true. Around the world, governments and intelligence agencies are doubling down on their surveillance, and in many cases attempting to legitimize their practices. This includes the now-infamous Snoopers Charter in the U.K. The bill passed into law in November, forcing ISPs to keep logs of all activity on their network for up to a year. This information can then be shared between a bewildering array of government agencies for… reasons.

Similar legislation is expected to legitimize the alarmingly wide-reaching surveillance practiced by the NSA. Unfortunately, public opposition to these privacy-destroying tactics is starting to collapse in the name of “national security”. Sadly, social media has supported this narrative by allowing extremists and terrorists a platform to spread their message while the companies play whack-a-mole in defense.

Databases Galore

To their credit, Facebook, Twitter, Microsoft, and YouTube will be working together to create a database of terrorism related content for easy removal. However, the database may turn into yet another surveillance tool. This would go nicely with Twitter’s potential censorship group the Trust & Safety Council.


The FBI is also developing a surveillance-friendly database known as Next Generation Identification (NGI). This system would be “the world’s largest and most efficient electronic repository of biometric and criminal history information.” This adds more strength to the argument that biometrics may not be the future of identification after all. It isn’t just governments that are intent on spying on you, though. Private investigators and amateur sleuths are developing methods to track individuals across the web.

You may have missed it, but America had an election this year. The political parties were finding novel ways of collecting information on potential voters too. Worryingly, police departments have started using controversial software called Beware. The aim is to assign you a “threat score” based on your social media accounts. All of this sounds quite Minority Report-esque which should make you wary of what you share on social media.

Reasons to Be Cheerful

Looking back over such a tumultuous year can leave you with the impression that the world is collapsing around us, with our private data paraded in the open by governments and hackers.

However, there are some companies trying to improve the situation for all of us. This includes Mozilla, the developer of the web browser Firefox. Mozilla’s Manifesto lists ten principles that are all about protecting the security and accessibility of the internet. To that end, they recently released Firefox Focus — a privacy focused web browser for iOS.

The technologies that provide the backbone to the internet are undergoing change for the better too. Transport Layer Security (TLS) is gradually replacing Secure Socket Layer (SSL) to create a more secure connection between you and the website. There is also a push towards 100 percent HTTPS adoption. The security company Symantec is offering websites certificates for free along with paid add-on services. Then there’s Let’s Encrypt which also offers free certificates, operated by the public benefit corporation ISRG.

It’s not yet clear what role Bitcoin will have in the future, but the blockchain will make our world more secure. There’s a chance that it may be able to make electronic voting a reality. The movement to use blockchain to keep content creators in control of their work is edging closer to the mainstream. It may even make traditional banking more secure.

Keeping Control of Your Privacy

The Orwellian themes popping up in surveillance schemes around the world may be chilling. Fortunately, there are plenty of organizations fighting on your behalf to keep the internet from becoming a privacy blackhole.

Contrary to what some commentators say, encryption is the key to ensuring your security. You can even enable end-to-end encryption in Facebook’s WhatsApp messaging service. If you want to protect yourself from the overzealous eyes of your ISP, then you could even make the switch to a logless VPN.

Tighten Your Security for 2017

You may feel like you’ve had enough of hearing that yet another of your accounts has been hacked. However, it’s important that you beat your Security Fatigue if you want to stay safe. One of the best things you can do to protect your privacy is to change what you intentionally post on the internet. There are plenty of ways to protect your children too, so that they can make the most of the online world.

As we move into the new year it is a good idea to do an annual security checkup, to make yourself as secure as possible. Then take preventive action, like signing up to the website haveibeenpwned to get alerts if your accounts are ever compromised.

How did you find 2016? Were you affected by the mountains of hacks? Or did you get struck by Ransomware? Let us know in the comments below and have a safe, secure 2017!


  1. Florida Onsite Techs
    December 31, 2016 at 1:40 am

    This has been an absolutely crazy year for Internet website security across the board. This article makes for a good compendium of the worst of the worst for 2016. Thanks for the interesting and informative read.

  2. Howard A Pearce
    December 30, 2016 at 2:22 pm

    "Who Is Fighting On Your Behalf Against The NSA And For Privacy?"

    Those who support the concept of property rights are - because ALL privacy rights derive from that right itself. After all, if everything were public, how much privacy do you think you would have?

    The more state control of the internet you approve of - like Net Neutrality - the far more likely you will eventually lose your privacy rights in the name of "neutrality" (or whatever) as it is the state that will define what neutrality means or doesn't mean.

    Many techie blogs, like MUD, actually promoted this state control like Net Neutrality to begin with; and now they claim to support your privacy rights? Garbage. They are far more likely to promote the enhancement of "neutrality" laws - however that will be defined - perhaps to address "fake" news maybe.

    • James Frew
      December 31, 2016 at 12:37 am

      I agree. Net Neutrality is important, but it isn't the same issue as surveillance. AFAIK we have not been explicitly "pro" the removal of net neutrality in the past here at MakeUseOf (MUO).