The Internet is a wonderful place full of useful and entertaining information. It is also, however, filled with scoundrels who are determined to steal the copious amounts of personal information we leave lying all over the digital landscape, from apps we downloaded on a whim to old accounts we haven’t checked in years.
Some hacks are obvious. Facebook’s Cambridge Analytica scandal exposed at least some information about tens of millions of people. But others fly under the radar.
It’s almost impossible to stay up to date on every hack, breach, and leak that happens on a regular basis, but this running list will help you start keeping tabs on who might have your data, what passwords you may want to change, and why you should probably step up your efforts to prioritize security on the web.
Google Plus
Discovered: October 2018
Remember when Google started a social network to compete with Facebook and Twitter, but then (almost) no one showed up? The zombie social site has been lurking in the background of your Google account for years, but recently the Wall Street Journal reported on a flaw that exposed some personal information to third-party developers. According to Google, the information was static information provided by users, like occupation, age, and place of birth. The vulnerability has reportedly been around since 2015 and exposed information to 438 apps, but the report claims that the company never went public with information about the breach.
In response to the news, Google announced a variety of security changes that were already in the works, including tweaks to the process for building Gmail add-ons, and the slow demise of Google Plus over the next ten months. You can read about the Google security changes here.
Facebook “view as”
Discovered: October 2018
One morning in early October, roughly 90 million users found themselves logged out of their Facebook account and app. The logout was a measure taken by the company to combat a security flaw that allowed hackers to use a side door into people’s accounts and take them over without having to intercept a password. The flaw came from a feature called “view as,” which allowed users to see their Facebook profile page as if they were another user. So, if you wanted to make sure you deleted a post or you wanted to see how your new photos looked on your page, you could do so. According to Facebook, roughly 50 million users were at risk due to the breach. The service logged out 40 million more users as a precaution, as they had been subject to a “view as” lookup in the past year.
The investigation is ongoing and reportedly involves the government as well as Facebook’s internal investigators. If you were logged out, your credit card information and password are reportedly safe since a hacker wouldn’t see that data even if they snuck into your account. It’s one of the biggest breaches
Newegg.com
Discovered: October 2018
If you made purchases from the popular online electronics retailer Newegg.com between August 14th and September 18th, the company suggests you keep close tabs on your bank information. The site fell victim to 15 lines of malicious code that skimmed credit card information from users as they checked out and made purchases. Newegg has since fixed the problem, but suggests that people should keep a lookout for similar hacks going forward across the web.
Adware Doctor
Discovered: September 2018
This app, designed to “clean up” malware and adware from your Mac, topped the paid app chart in the MacOS App Store. However, according to a report by TechCrunch, “it’ll steal and download your browser history — including all the sites you’ve searched for or accessed — to servers in China run by the app’s makers.”
T-Mobile
Discovered: August 2018
T-Mobile says it suffered “unauthorized entry into its network [that] may have given hackers access to customer records, including billing ZIP codes, phone numbers, email addresses and account numbers.” The hack reportedly did not include financial records.
Army.com (and other fake military sites)
Discovered: September 2018
Earlier this month, the FTC shut down a variety of spoof military recruitment sites, including Army.com, Armyenlist.com and others designed to look like official armed forces pages. The pages collected personal information via forms and then sold that data to other marketers.
Reddit
Discovered: September 2018
If you’re an early Reddit user—from the 2005 to 2007 era—someone accessed your credentials and email address thanks to a vulnerability in the SMS-based authentication software. If you’re using an old password, change it, and enable two-factor authentication.
British Airways
Discovered: September 2018
If you booked a flight between August 21 and September 5, there’s a chance your personal information was stolen. “The stolen data included personal and financial details of customers making bookings and changes on ba.com and the airline’s app. The data did not include travel or passport details.”
Airmail
Discovered: August 2018
A popular Mac mail app demonstrated a vulnerability related to custom URLs that could expose personal information about user accounts and messages. The company addressed the issue with a blog post and issued a fix for the problem, which is included in the latest version found in the App Store. If you’re running the software and haven’t updated it, you should do so right away.