By LAUREN TONTI ’14
When Meat Loaf first started singing about how he “would do anything for love,” he couldn’t have imagined the likes of Chris McKinlay, math whiz and modern incarnation of Cupid. Unsatisfied with his compatibility matches on the dating website OkCupid, McKinlay hacked into the company’s database and changed its mathematical matching model. As a result, he found the “one,” and is now engaged to be married.
This story has a happy ending. Yet the stories of millions of Target customers do not. The Huffington Post headline “Math genius hacked OkCupid to find ‘the one’ ” could easily be changed to “Criminals hacked Target to find the one” when you turn “math genius” into “criminal,” “OkCupid” into “Target,” and “the one” into “your one and only credit card security code.” Ta da, one of the most infamous data heists of all time, impacting over 40 million customers.
While hacking can be used to find true love and ethically serve the public, more often than not the skill is used for malicious purposes. The Target Company breach is not the first, and certainly will not be the last, of data breaches into the software of programs that millions of people depend on for organization, efficiency and fun. Take a look:
According to the discount-coupon company’s website, cyber attackers managed to hack “names, email addresses, date of birth for some users and encrypted passwords” in April of 2013.
Evernote re-set 50 million user passwords last March, following the online note-taking and productivity application’s discovery of “a coordinated attempt to access secure areas of the Evernote Service.” The “coordinators” gleaned the encrypted passwords corresponding to usernames and email addresses.
Last February, Twitter’s fortresses were infiltrated by a small-scale invasion. A Twitter blog post revealed that hackers gained “unauthorized access” to 250,000 usernames, email addresses, encrypted passwords and session tokens.
According to Techcrunch.com, Snapchat, the photo messaging application, struggles to fortify its security platforms. The service is susceptible to “denial-of-service attacks” that crash iPhones and infiltrate Android devices. What’s more, Snapchat has alarmingly ignored security warnings in the past. These oversights were revealed when hackers released 4.6 million account holders’ phone numbers after security researchers warned the company that such breaches were possible.
While most passwords are “hashed” or “salted,” meaning that they were encrypted to mask their original text content, data breaches like these never fail to damage Internet users’ faith and trust. Vinton Cerf, known as one of the “fathers of the internet,” said it best: “We never, ever in the history of mankind have had access to so much information so quickly and so easily.” Data breaches jeopardize the identity of the World Wide Web as a free, unlimited, rapid interface, a fundamental tool for exchanging ideas and connecting people.
Daily life now runs through the circuitry of the Internet, and we are dependent on the data we submit to online portals. Think of the average Wellesley student who logs onto Sakai to find readings for classes, punches in her B number to access e-bills and transcripts and types her email password to send a quick note to her committee. One alphanumeric combination can give someone a very revealing glimpse into your personal affairs and private life. Even if you follow all the rules for “safe” internet usage by not doing things like giving out your password or revealing your home address on Facebook, there is no guarantee that you will be safe. In fact, Facebook and Google have already taken peeked at your preferences. Ever seen a targeted ad on the side of your page and wondered, “How did Facebook know I have been researching Kaplan MCAT courses?” It’s because Internet giants have been partnering with third-party digital-advertising and data companies to track your preferences and recent searches.
Wellesley students express mixed feelings about the data security breaches.
Serene Beltran ’17 shares the view of many Internet-trusters and assumes that her data is relatively safe.
“I don’t really make any personal efforts to protect it, I just assume it’s protected,” she said. “Sometimes I worry about Facebook, or Snapchat.”
Even though students have been cautioned that it’s unwise to have the same password for everything from banking to MyWellesley, many don’t heed the warning.
“I’m scared if someone figured out the one password that I use for everything, they could single-handedly ruin my life,” Tala Nashawati ’17 said. “I feel like that’s a problem a lot of people have.”
Other students doubt the current security measures that are designed to protect private and sensitive information.
“Sometimes, when I’m logging on to check my bank account stuff, I think ‘Is that strong enough to keep people from getting into my bank account and stealing my money or social security number? It’s so easy to change your password,” Judy Zhang ’17 said.
Wellesley makes an effort to protect the data and personal information that it has on file about current and former students. The College’s policy states: “When there is a legitimate need to provide records containing PI [personal information] or confidential information to a third party, electronic records are password-protected and encrypted, and paper records are marked confidential and securely sealed.”
Library and Technology Services (LTS) has urged students to also take precautionary measures to protect confidential information. LTS suggests that students avoid using the “Remember Username and password” function, unless they know that the program encrypts its passwords. Students can also change their computers’ default settings to clear password information after leaving a browser. Additionally, LTS recommends that students store sensitive electronic info on a secure server. Students can even request access to the college’s secure servers.
Wellesley also provides tips for creating strong passwords and protecting these passwords. The College warns students to avoid using Wellesley passwords on non-Wellesley sites.
As a message to the hackers out there, most people won’t mind you playing matchmaker or yenta (in fact, they might even pay you for it!). But please, this Valentine’s Day, only steal their hearts, not their data.