Data Breach Verification: A Step-by-Step Guide
Introduction:
Data breaches have become a common occurrence in today’s digital world, with companies and individuals falling victim to cyberattacks. The challenge in reporting on these breaches lies in verifying the authenticity of the leaked data. TechCrunch has been at the forefront of covering data breaches and has developed a step-by-step guide to verify these incidents. In this article, we will explore some examples of verified data breaches and the methods used to authenticate the leaked data.
Verifying a Data Breach:
Verifying a data breach is crucial for both companies and victims to take immediate action. The sooner victims are aware of a breach, the better they can protect themselves. Journalist Micah Lee, who wrote a book on verifying large datasets, provides insights into how journalists, researchers, and activists can authenticate hacked and leaked data.
Approaching Data Breaches:
Every data breach is unique and requires a specific approach to determine the validity of the data. Different tools and techniques are used to identify the source of the data. TechCrunch delves into a few examples of verified data breaches and how they were approached.
How StockX’s Data Breach was Verified:
StockX, a sneaker selling marketplace, suffered a data breach in 2019. TechCrunch uncovered the breach when users received a mass email asking them to change their passwords due to system updates. However, TechCrunch discovered that StockX had been hacked, and millions of customer records were stolen. To verify the breach, TechCrunch contacted users directly through messaging apps and confirmed their information was accurate. This evidence prompted StockX to disclose the breach.
How 23andMe’s Data Breach was Confirmed:
In another instance, genetic testing company 23andMe experienced a security incident that led to a mass password reset. TechCrunch quickly verified that the leaked data was genuine by cross-referencing it with previously published genealogy data. The formatting and unique user information matched, confirming the authenticity of the leaked data. Eventually, 23andMe admitted to the breach, attributing it to a mass scrape of data.
Verifying U.S. Military Emails Leak from a Government Cloud:
Sometimes, data breaches occur due to human error rather than malicious hacking. TechCrunch received a tip from security researcher Anurag Sen, who had discovered sensitive U.S. military emails spilling online from Microsoft’s dedicated cloud for the military. By analyzing the exposed server’s IP address and using Elasticsearch queries, TechCrunch confirmed the authenticity of the leaked data and notified the appropriate authorities.
Conclusion:
Verifying data breaches is essential to ensure immediate action is taken by companies and victims. TechCrunch’s step-by-step guide provides valuable insights into authenticating leaked data. Through examples like StockX, 23andMe, and the U.S. military emails leak, TechCrunch has demonstrated its commitment to uncovering and reporting on data breaches.
Contact Information:
To contact TechCrunch or share breached or leaked data, you can reach them via Signal, WhatsApp, email, or SecureDrop.
By following these verification techniques, journalists, researchers, and activists can play a crucial role in uncovering data breaches and holding companies accountable for their security practices.