Another day, another data breach.
The email addresses and travel details of about 10,000 people who used free wi-fi at UK railway stations have been exposed online.
The database, found online by a security researcher, contained 146 million records, including personal contact details and dates of birth.
It was not password protected.
There’s a really easy way to protect yourself from being a victim. Lie.
When a WiFi provider asks for your email address, lie. When someone who doesn’t need to validate your age asks for your date of birth, lie. When you’re asked to provide your name in order to register for a service, lie.
Obviously, don’t lie to the police, tax inspectors, or your doctor. Don’t lie to people who need accurate data about you.
Eight years ago, I was at a Parliamentary conference about online privacy. I tweeted:
#PICONF12 Andy Smith says "never use your real details online" – Martin Hewitt not looking best pleased. Nor the other MP in the room.
— Terence Eden (@edent) October 25, 2012
Which led to this story being published:
I think that recommendation still stands. Giving away your personal details puts you at risk.
Whenever a free WiFi provider asks me for my details, I’m usually nononono@example.com. My date of birth is 1900-01-01. And my phone number is from the fake range provided by OfCom.
Here’s a list of all the times that has caused me problems:
- …
Oh. None.
Every time I give out a real email address or phone-number, it inevitably starts to receive spam. Every week we see news stories about companies behaving irresponsibly with our data. Exposing us to risk.
Stop giving out your information to people who have no need for it.
Your personal safety is more important than a company’s desire for a better marketing database.
@Edent I agree entirely. It bit me once. I was signing up for a mobile phone plan in the UK. I gave accurate billing details (name, address) but they asked for my birthdate. I gave a fake one. Why does my mobile phone company need my birthday? Well, they do a credit check. They declined the online application and I had to call in and talk to a human to straighten it out.
I could use an “Autofill with fake data” option in my browser. 😁
I like to use the company’s email. So if I’m traveling by plane and I get asked for my email, I use admin@airline.com. Maybe one day they’ll stop asking?
Also when you’re in a shop and person on checkout asks for your email address without explanation it’s OK to ask why they want it and then not give it. They’ll say it’s so they can email you a receipt but they will want use it for other purposes.
I’ve also challenged this, and took it up with the head office of the store in question. They immediately wanted to know the store location so they could ‘take it up with them’. I declined as it felt like they would witch hunt the low-paid assistant just doing what the company training manual tells them to.
I don’t see any good reason why all these Wifi providers should be asking for this information in the first place. It’s become one of the annoyances of modern life: walk into a new building, get a new form asking who am I.