All data is valuable, no matter how insignificant it might seem to users. Criminals know the actual value of information, which is why we see phishing attacks and spam messages that don't seem to target valuable things. Acknowledging the true value of our data is the first step for better protection.
We can easily conclude that people really don't care about their data. Or at least it’s easy to think that’s why they use terrible passwords or reuse them on many online accounts. The truth is likely different, though. It's not that people don't care about their data; it's that they don't know how valuable it really is.
Criminals are the first who come to mind when it comes to malicious intent, but that's not always the case. Numerous companies have built their entire business around collecting data, sometimes even without users' knowledge. Innumerable websites try to track people's behavior after navigating to other pages, hoping to gather information, which can be resold or used to target them with ads.
The simple act of visiting a website and browsing generates valuable information for the company running it. But what about other sensitive information that might seem unattractive even to its owner?
For example, "Is this you in this video" started as a phishing campaign spreading through Facebook's Messenger. People received this message from one of their friends, clicked on it, and got redirected to a fake Facebook login page. Once people logged in, they offered the credentials to attackers.
Many people are cavalier with their Facebook account and might be tempted to say it's no big deal; they have nothing of value on that platform. Unfortunately, that's not the case. The access itself is valuable and will likely end up on the black market. The account can be used in fraud and other types of attacks, but having a working username and password is the prize.
One of the most unhealthy habits that hurts cybersecurity is reusing the same credentials everywhere. There's a very good chance that people use the same password guarding their "useless" Facebook account in many other places, and criminals know this all too well. They will try to log in into email accounts, streaming platforms, and everything else in between. And it all started with a Facebook password.
Criminals have a way of finding value where we might not see it. For example, there was a case of a media personality who reported hackers had compromised one of her back accounts. But the bank account was empty. It's easy to say she got lucky and hackers went away, or declare that you're in the same position. "Let them hack my account, I don't have money there," is a common trope.
But the hackers knew that complete and unfettered access to a bank account could be more valuable than the money. They actually added money to the account and bought cryptocurrency with it, essentially using an empty bank account to launder money.
It goes without saying that it would be great if people used more complex passwords and unique credentials for each online account, showing that they value their data. They don't, and undervaluing the information we hold will not change anytime soon.
At the very least, we should be much more careful with the information already out there and try to keep a watchful eye on it via specialized software. One of them is Bitdefender's Digital Identity Protection service, a privacy-focused tool that gives you instant access to a map of your digital footprint, including online accounts and publicly available data. The tool also monitors the dark web so you can stay on top of data breaches and privacy threats, with easy-to-follow one-click action items allowing you to shut down weak points in your digital footprint.