***This post was written by a Bugcrowd tester, who would like to remain anonymous***
People aren’t concerned with security breaches until they directly affect their lives. I was curious what my non-security friends thought about the recent breaches, so I posted the following on Facebook:
“40 million credit card #’s exposed by Target and 4.6 million Snapchat phone numbers leaked. But does anyone actually care or feel threatened? I’m curious”
My friend is not a security professional and doesn’t care any more or less than the next person, which is why this is important. Her perspective represents an apathetic view about all these hacks. People don’t care about security issues unless they are directly affected. Teens don’t care that their numbers are floating around as long as they aren’t spammed.
I have a Capital One credit card, and I’ve found it amusing that the following message has been displayed for over a month.
I’m not having a go at Capital One. The breaches haven’t been their fault, and they have been proactive in keeping us alerted of any suspicious activity. Thank you, Capital One! You can view their security breach notice here.
This alert, though, should be raising red flags to the general public, but again, until an issue interrupts our daily rhythms, we carry on with our everyday lives. Similar to a typhoon in the Philippines or poverty in a 3rd world country, until we see it with our own eyes or know someone who’s been affected, people don’t care about companies getting hacked.
So what happens when a breach does affect us?
We’d surely be concerned if our credit card was hacked for thousands of dollars, but even under such an act, we’d count on the issuer to figure out how to reimburse our funds. What may be even more of a burden, which is happening to thousands of people, is the following:
My card hasn’t been hacked. It’s worse. I’m being forced to replace my credit card… Now I have to deal with this hassle thanks to the carelessness of Target. I’d even consider the option of keeping my current card at the risk of a hack just to avoid switching cards. I’m thinking about all the online vendors I’ll have to change my card info for, or the subscription services that I will have to update. Surely I will forget a few accounts that my old card is linked to. Guess I’ll deal with that annoyance when it arrives.
This will surely irritate the general public, and bring awareness to those select hackers who have done this malicious deed, which in the end, may not be such a bad thing if the web becomes safer in the long run. But for now, c’mon big companies. Let’s see you beef up your security. Imagine how ticked I’ll be if in 2 months I have to replace my card again. Well, at least it would make for a nice blog rant: part 2.
Malicious hackers, please play nice and slow down on the hacks! We should all want a more secure web. Hopefully these vulnerabilities can be minimized in the future through public awareness and increased security measures by companies.