Recently, the well-known Russian streaming platform START confirmed a large-scale data breach. START's administration admitted that an attacker stole a 2021 database from its systems.
According to Russian news outlet Meduza, the leaked data is real and valid. On Sunday, August 28, a 72GB MongoDB JSON dump containing information on the platform's nearly 44 million users at the time began circulating on social networks. Many of these entries refer to test accounts. However, the dump contained 7,455,926 unique email addresses, which may be close to the true number of exposed users.
The most recent record is dated September 22, 2022, so the incident does not affect users who signed up for the service after that date.
01 Russia strengthens data leakage protection measures
Moscow is implementing measures to protect user data from unauthorized access and to shield its citizens from exposure as cyberattacks against Russian online platforms increase.
1. Kommersant reports that the Ministry of Digital Development is promoting a plan to create a register of “unacceptable IT security practices” to help raise awareness among organizational leaders.
2. Earlier, a department proposed setting up a fund to compensate victims of database breaches. The fund will be backed by fines on entities responsible for security breaches. The draft law proposes a fine of 3% of a violating company's annual turnover to incentivize companies to develop and apply good security practices.
02 Deploy SSL certificates to implement HTTPS transmission encryption
With the rapid development of the Internet and the gradual enhancement of national network security awareness, more and more websites have begun to use HTTPS, a more secure network transmission protocol.
HTTPS is enabled by deploying an SSL certificate on the server. Compared with other network transmission protocols, HTTPS not only provides better information confidentiality but also prevents traffic from being hijacked.
An SSL certificate is an internationally used network security product that solves two basic problems: data encryption and identity authentication. Once the server deploys an SSL certificate, information transmitted between the user’s computer and the website server is encrypted with high strength.
At the same time, it also proves the real identity of the server to website visitors. This real identity is verified by a third-party authority. When users need to confirm the identity of the website, they only need to click the lock mark in the address bar of the browser.
The protection of personal information is the focus of the construction of the network security protection system. In recent years, the state has successively issued a series of laws and regulations on data security and network security, including the “Network Security Law”, “Data Security Law” and “Personal Information Protection Law”. It also vigorously rectifies violations of user rights and interests, such as illegal collection and use of personal information, through the formulation of standards, technical inspections, special rectification, and industry self-discipline.
Network service providers and ordinary internet users alike must form the habit and awareness of using HTTPS to access websites in order to protect their account security and personal rights. Important websites must also promptly deploy SSL certificates issued by authoritative organizations to ensure the security and integrity of the website's critical data.