Why email and name data can be dangerous

Curiously, in a data breach, the data itself doesn’t really matter. The context does. For example: Name and address GP receptionist accidentally shared that with the wrong doctor in a surgery? Pretty low risk. Log it, learn from it, move on. GP receptionist gives out the name and address of a woman currently in a shelter for people fleeing domestic abuse to the domestic abuser husband calling up 'just to check the address is correct'? Major risk. Police are involved, ICO notified, lives are changed forever. Same data - name and address. Both real life breaches I've handled. Strangely, within a week of each other. #DataBreaches #GDPR #DPOs

Privacy Theater, Performed by AlphaSights and JuWay Pak Today’s episode: “We Take Data Protection Seriously… Until You Actually Ask Us To.” As a Chief Privacy Officer, I don’t give out my personal email address lightly. So imagine my surprise when AlphaSights — a company that connects professionals with consulting opportunities — contacted me using an email address I’ve never once used publicly. Worse? The version they used was one created by data scrapers, not me. A fraudulent alias. When I challenged them, they told me: “Well, Gmail treats dotted and undotted versions as the same.” Yes — internally Google does. That’s irrelevant to external identity validation. #Privacy law isn’t about how Google routes mail — it’s about data accuracy, transparency, and consent. They also blamed their vendor, ContactOut, and told me to go chase them down myself — despite being the ones who paid for and used the bad data. Let me be clear: 📌 Publicly available data, IF that were the case here it wasn't, is not a blanket excuse for lazy or unlawful processing. 📌 You can’t push #GDPR obligations onto your vendor just because they “passed your due diligence.” 📌 And no, I’m not going to submit more personal information just to opt out of something I never opted into. If you’re a company that buys data, you’re responsible for the accuracy and the impact. FULL STOP! This kind of behavior isn’t just sloppy — it’s dangerous. It enables impersonation, spam, and misrepresentation. If you’re in the privacy, compliance, or cybersecurity world, keep a sharp eye on vendors and platforms like AlphaSights and ContactOut. 🛑 If you’re going to claim “legitimate interest” as your basis for contact, then you better get it legitimately. #PrivacyMatters #DataProtection #GDPR #DigitalIdentity #Infosec #Cybersecurity #DarkPatterns #AlphaSights #ContactOut #Accountability #PrivacyTheater

🚨 Attention Job Seekers: Scammers are creating fake job listings globally to steal personal information. Meanwhile, data brokers collect and sell your data without consent, building profiles that influence job decisions. Be mindful of how your online job applications contribute to this data economy. In the Middle East and Africa, Digital Risk Protection specialists at Group-IB have identified over 2,400 fake job pages in the past year. These pages, posted in Arabic, target vulnerable job seekers, leading them to phishing sites where login information is harvested for fraud. The Dangers of Oversharing: 1️⃣ Identity Theft: Scammers use your personal details—name, address, ID numbers—to impersonate you, access bank accounts, or commit fraud. This can ruin your credit score and jeopardize future job prospects. 2️⃣ Financial Scams: Don’t fall for fake job offers asking for advance fees or bank details—these scams drain your account. 3️⃣ Phishing Attacks: Fake job ads lure you into phishing pages where you unknowingly share sensitive information for identity theft or other fraudulent activities. 4️⃣ Compromised Privacy: They steal personal data to be sold on the dark web, exposing you to ongoing fraud for years. 5️⃣ Job Blacklisting: Scammers may use your identity to apply for jobs, leading to a false history that can blacklist you from legitimate opportunities. 6️⃣ Emotional Stress: Dealing with identity theft and fraud takes a heavy emotional toll, impacting your well-being. 7️⃣ Reputational Damage: If scammers misuse your personal data, it can harm your reputation, affecting future job prospects and professional relationships. 8️⃣ Data Monetization: Many outsourcing companies and job platforms collect your data for selling to third parties for profit—often without your knowledge. Be careful of what you consent to. According to Group-IB, the logistics industry is the most targeted sector, accounting for 64% of fraudulent profiles. Petroleum (12%) and Food & Beverage (20%) sectors are also widely impersonated. How to Protect Yourself: Research companies before applying. Use trusted job platforms and verify websites (check for HTTPS and proper branding). Be cautious when sharing sensitive information like Social Security numbers or bank details. Enable two-factor authentication and set up alerts for your financial accounts. Recent Statistics 📊: Nearly two-thirds of UK LinkedIn users had been victims of fake job opportunities. Ofcom reports that 46% of participants have encountered online scams, while 39% know someone who has fallen victim. Stay Vigilant 🔐: Always verify job offers—if it seems too good to be true, it likely is. Know your rights under GDPR (Europe), CCPA (California), and PIPEDA (Canada). Your data is valuable—protect it like your most important asset. 🌐🔒✨ https://lnkd.in/dxU7miJK #DataProtection #JobSearchSafety #CyberSecurity #ScamAwareness #PrivacyMatters #RemoteWork

When CBEX went down, everyone was talking about the money. But how about the personal data? Over ₦1.3 trillion vanished into thin air. People were angry, confused, and heartbroken. But something else kept bothering me and it’s probably even more dangerous than the financial loss. What if the real loss wasn’t just the money? Think about it. To use the CBEX platform, people had to submit deeply personal information. Names, emails, phone numbers, BVNs, NIN, bank account details. Some even gave emergency contact information. All of this was handed over to a platform that wasn’t even on the Play Store or Apple Store and could only be downloaded from a random website. And the major way through which people sign up is through referrals, they refer you and you go ahead to refer someone else. It does not stop there, the emails they sent ended up in spam folders. Yet, people still trusted them with their life savings. Why? Because the platform looked polished. The dashboard was slick. The marketing sounded smart. They have some online channels for customer support and open a few physical offices across the countries. It also felt like something powered by AI and wrapped in crypto buzzwords. And because it came through someone they knew — a friend, a church member, a colleague — the trust was automatic. But that’s exactly what makes it scary. Before you proceed, if you created an account with them with a password you have used on another financial or important platform, kindly change all the passwords now! Now, you can continue! CBEX wasn’t just a "scam"; it was a well-designed trap. And while people are counting their financial losses, what they’re not seeing is the long-term danger. What happened to their personal data? It might already be on the dark web. It could be sold, traded, or used to commit fraud months, even years from now. With just the information submitted to CBEX, good cybercriminals can open bank accounts in your name, apply for loans, impersonate you online, or even target your loved ones. And most people won’t realize it until it’s too late. This is why cybersecurity isn’t just about protecting companies or writing code. It’s about protecting people, especially yourself considering the fact that we now live in a world where scammers no longer wear masks. They wear logos. They speak your language. They come with sleek apps and referral bonuses. So please, let’s learn from this. If an app isn’t on an official store, pause. If you can’t verify the founders, pause. If the platform seems too good to be true, don’t ignore that feeling. Your data is more valuable than you think, and it deserves better walls than blind trust. CBEX showed us that. Now let’s not forget it. Repost for others to learn from. I am Victor Akinode. Let's connect! Photo credit: Guardian.ng

Your exposed data doesn’t just put you at risk - it can be used to exploit the people you love. Let’s say a bad actor finds just enough of your personal info online. Now they call your grandparent, pretend to be you, muffle their voice a little, and say they’re stranded while traveling. The story sounds urgent, and it feels real to your loved one. And your grandparent - wanting to help - sends as much money as they can spare. It’s a dirty trick. And it works more often than you’d think. This is why protecting your digital footprint isn’t just about safeguarding your own identity. Staying proactive about your privacy protects the people around you who trust you, who care about you, and who might not question the call when they think you’re in trouble. In those cases, your digital privacy isn’t just a nice-to-have. It's an essential part of keeping everyone else safe.

A common piece of advice given to people outside of cybersecurity is to never click on random links. However, what fascinates me the most is that one of the worst things you can actually do, in addition to clicking links, is give out your email address (especially if it's your personal one). It's possible to query it through thousands of leaked databases and retrieve all sorts of information. Even if the associated password is invalid and you use a password manager, there's still a wealth of personal information that can't be erased from these datasets. All of which can be used to recover accounts etc. I'd argue that alongside avoiding random links, making your primary email address public is one of the most dangerous things you can do from an attacker's POV, despite its necessary use for receiving emails.

The Hidden Dangers of Email: Exposed Systems and Privacy Risk. Emails are the backbone of digital communication, facilitating everything from password resets to financial transactions. With trillions sent daily, they contain a wealth of Personally Identifiable Information (PII) that, when exposed, becomes a goldmine for cybercriminals. While some providers claim to offer "Privacy by Default," the reality is far more concerning. Threat Intelligence findings shared with Proton since 2023—one of the most well-known privacy-focused email providers—uncovered critical security exposed positions, including misconfigured subdomains, insecure IPv4 addresses, and fundamental PKI errors. Despite independent validation by top cybersecurity professionals, Proton's response was dismissive, even hostile. This exposure mirrors historical issues with Swiss encryption firms Omnisec AG and Crypto AG, whose security claims were later discredited. Such vulnerabilities provide fertile ground for phishing attacks, data breaches, and large-scale fraud. Cybercriminals exploit these weaknesses, leading to identity theft, financial loss, and national security threats. If even "secure" providers harbor exposed and exploitable positions, then the entire email ecosystem remains fundamentally flawed. Users must demand transparency and accountability, prioritizing true end-to-end security over marketing claims. Until providers address these systemic failures, email privacy remains an illusion, leaving billions at risk. Cybersec Innovation Partners

"No financial data was taken." We hear it time and time again after a cyber breach as if that makes it alright. But here’s the truth: I can freeze my bank card in seconds. Lose it abroad? I’ve cancelled a physical card and had a virtual one issued before I’ve even left the queue. What I can’t change in seconds or, in some cases, ever is my name, address, date of birth, or passport number. This is the kind of data that fuels identity theft, social engineering, and targeted fraud for years. And yet we treat it as a lesser loss? The real concern isn’t just what was taken, it’s how long it takes to tell us. By the time it's public, the targeting has already begun. We need to rethink our priorities.