Identity and user privacy issues have received much attention in recent years. User privacy and identity protection are two critical societal concepts that powerful technology corporations have exploited and taken for granted in Web 2.0. Corporations like Facebook (now Meta) have a long history of invading user privacy and identity. Other companies have been accused of improperly disclosing user information to large research firms. Facebook was fined $5 billion in 2019 for egregious user data and privacy violations.
User privacy and data leaks appear to be widespread. The Optus data breach, the largest in Australian history, occurred on September 23rd, exposing the private credentials of over 10 million people, or 40% of the Australian population. In this article, we will look at the data breach, the cause, and the steps that can be taken to prevent it from happening again in the future.
An In-Depth Look at the Optus Data Breach
Optus, a subsidiary of Singapore Telecommunications, was hacked and compromised, with the hacker gaining access to millions of user credentials in Australia’s most significant data breach. Customers’ Medicare ID numbers, names, email addresses, phone numbers, birthdates, and passport and driving license numbers were among the PII obtained by the alleged Optus hacker.
Over a dozen state and federal government email addresses have been stolen, including four from the defense department and one from the Prime Minister and Cabinet Department.
Following the hacker’s apology and request for a $1 million bounty for hacking Optus, the Australian government has stated that over 2.8 million people may be at risk of identity theft/scams.
What Led to the Data Breach?
The Optus data breach demonstrates the persistent flaws in the current data storage methods. Optus has insisted that this was a high-level cyber attack. Still, Australia’s Minister for Cybersecurity, Clare O’Neil, has refuted those claims, pointing to Optus’s negligence via an unprotected API endpoint. The main issue is centralized databases, which makes protocols vulnerable to hacking.
Following the latest major security breach in a long line of security breaches over the years, Tim Bos, CEO of ShareRing, was quoted as saying, “This litany of errors makes it clear that we must rewrite the rules of user identity by putting individuals back in control of their personal data.”
In today’s society, data and identity protection are two critical concepts that must be improved, and the issue of centralized databases makes it easy for hackers to capitalize on a single point of attack and breach data security.
The Solution Is Web3
Web3 is still in its infancy, but innovations that address data privacy and user identity issues through decentralization methods are emerging. ShareRing and other blockchain-based digital identity ecosystems empower users by giving them control over their data and limiting the information they share with third parties. ShareRing is a 2018 project that aims to build a blockchain that will allow millions of people to quickly and safely access a diverse range of assets in the digital economy.
The project is a digital identity (DIDs) blockchain platform, developing a protocol centered on the user’s digital identity and how this identity is utilized and managed across the digital environment, both of which are addressed in the project’s products.
The goal is to create digital identities that integrate seamlessly with Web 3.0 and the future digital environment, resulting in a frictionless user experience. By leveraging Self-Sovereign Identity and Zero-Knowledge Proof technology, ShareRing provides complete autonomy and limits on what users are permitted to share. “To avoid more fiascos, it’s time to embrace a new model for user identity, which gives control back to the user without sacrificing convenience,” said CEO Tim Bos.
Data and identity protection are critical concepts that must be improved in today’s society. With the advent of Web3 and blockchain technology as the foundation, startups like ShareRing hope that their unique solution and approach to the problem will make user identity theft/privacy issues a thing of the past. Web 3.0 is still in its early stages, and much work needs to be done to accelerate global adoption and successfully replace the current version of the internet, or Web 2.0.