Quote:...In May last year the EU’s General Data Protection Regulations (GDPR) came into effect. GDPR was essentially designed to give a thwacking slap on the wrists, or a hefty fine, to those organisations that didn’t do everything they could possibly do to secure customer data.

In the eight months since the introduction of this much welcomed legislation there have been over 59,000 personal data breaches reported across Europe. This isn’t the number of individual records; it’s the number of reported incidents.

• The Netherlands, Germany and the UK topped the table in the report with approximately 15,400, 12,600, and 10,600 reported breaches respectively. 
  
• The lowest numbers of reported breaches were made in Liechtenstein, Iceland and Cyprus with 15, 25 and 35 reported breaches respectively.
  

The findings, released in a report from DLA Piper, noted that Netherlands, with 89.8 reported breaches per 100,000 people topped the list when the number of notifications were measured against country populations, followed by Ireland and Denmark.

Of the 26 EEA countries where breach notification data is available, the UK, Germany and France ranked tenth, eleventh and twenty-first respectively on a per capita basis. Greece, Italy and Romania reported the fewest number of breaches per capita.

GDPR states:

• Personal data breaches which are likely to result in a risk of harm to affected individuals must be notified to data regulators (within 72 hours). Where the breach is likely to result in a high risk of harm, affected individuals must also be notified. 
  
• Sanctions for failing to comply with the new notification requirements include fines of up to €10 million, or up to 2% of the total worldwide annual turnover of the preceding financial year, whichever is higher
  

Quote:...The Password Checkup Chrome extension registers the details as you enter your username and password on a website.

If it determines they have been exposed in a past data breach, even if that breach happened at a different website other than the one you are accessing, it displays an alert telling you to reset your password.

• Google says Password Checkup was built with privacy in mind and that it never reports any identifying information about your accounts, passwords or device. 
  
• It won’t flag up weak passwords; rather it’s looking for the combination of a password and username that have been leaked in a data breach.
  

At first glance, Google’s Password Checkup extension appears similar to Mozilla’s Firefox Monitor tool that enables people to check if their accounts might be at risk when they visit sites that have previously been breached.

While ostensibly a practical tool that many might find useful it does raise questions:

• Because it actually examines your login credentials, that is, username, email address and password, how can you be sure this data won’t fall into the wrong hands? 
  
• How many people feel comfortable knowing that a browser extension is scooping up your passwords, email address and user name? Will you feel comfortable that Google has done its job properly?
  

Google says that Password Checkup was designed jointly with cryptography experts at Stanford University to ensure that Google never learns your username or password, and that any data breach stays safe from wider exposure.

Browsers can be hacked

It’s worth noting that browsers can be hacked, potentially spilling out all the information stored in them. At one point browser hacked were relatively commonplace. Then they faded and now they are resurfacing again.

• Very recently a scam was detected which starts with a fake error message for the Google Chrome browser.
  
• Malicious code which underlies the fake error message then locks up the browser. 
  
• After the malicious code locks the browser, the fake warning tries to trick a user into calling a number. 
  
• If the number is called, a person posing as a company representative asks for sensitive personal or financial information to fix the bogus issue.
  

While this doesn’t relate directly to Google’s Password Checkup, unless the fraudster asks for usernames, email addresses and passwords, it does indicate that browsers are vulnerable to attack......

Quote:.....Fraudsters are distributing links to blogs and online services that prompt website visitors to first "login using Facebook account" in order to read an exclusive article or buy a discounted product.

Login with Facebook or any other social media service is a standard and safe method used by a large number of websites to make it easier for visitors to sign up for a third-party service quickly.
 

• However, the malicious blogs and online services are providing users with a very realistic-looking fake Facebook login prompt. After the login button has been clicked and credentials entered they are captured by the fraudsters. 
  
• The fake Facebook log-in pop-up window essentially inserts itself between the user and the website or service they are trying to connect to. 
  
• The fake pop-up login prompt is reproduced to look and feel exactly like a legitimate browser window. It has a status bar, navigation bar and URL to the Facebook website along with a green padlock to suggest it is secure. 
  
• Users can also interact with the fake browser window, drag it around the screen or exit it in the same way any legitimate window, all of which makes it seem authentic.
  
• BullGuard protects your computer from spies, hackers and malware
  

 
How to tell whether the Facebook log-in window is fake

• The only way to establish whether the Facebook log-in is genuine is to try and drag the pop-up prompt away from the window it is displayed in. 
  
• Normally, when you do this part of the pop-up will disappear. If it fails to do this and tries to return to its original position on the page it is a clear sign that it is fake.
  

There is a another way to ensure you don’t fall victim to this cunning phishing trick and that is to enable two-factor authentication (2FA) for Facebook.