We all love a freebie. Whether it’s a sample of a new soda pop or a free movie ticket, we’ve got our hand out and ready to say, “Sure!” No harm, no foul in most situations.
But, recently, cybersecurity company Surfshark organized a social experiment at a Manhattan cafe to showcase people’s awareness level on data privacy and what they found is that we’re a little too easy when it comes to protecting the kinds of things that could do us in.
During the one-day event titled “Food for Data,” consumers were presented with a menu of drinks and food. But instead of regular dollar prices, they were asked to provide personal data – email addresses, occupations, mailing addresses, birthdates, and credit card security codes. And a cup of coffee or a muffin is all it took for 78% of those in the study to give away valuable personal data.
Surfshark’s founder and CEO Vytautas Kaziukonis told ConsumerAffairs why this is do-you-in level dangerous: "Once you put your data out there, its fate is uncertain — it could fall into the wrong hands and be exploited without your knowledge. Surfshark’s research shows that in the past 20 years, almost 4 billion US email addresses have been leaked, opening people up to all sorts of dangerous cybercrimes, from identity theft to carefully crafted phishing schemes,” he said.
Yes, it’s Americans who are giving away the most
Surfshark’s research on data breaches reveals that the U.S. is the number one country in the world in data breaches with 207 million leaked online user accounts in 2024 so far. Count ‘em: the AT&T breach with 7.6 million current and 65.4 million former customers' records breached; MOVEit: 77 million records breached; Ticketmaster Entertainment, LLC: 560 million records allegedly stolen.
And they’re growing by the month – and the minute: 117 million accounts were breached in the second quarter of 2024, a 14% increase from the previous quarter’s 90.4 million; plus, on average, 15 user accounts were breached every single second in the U.S. in the second quarter of 2024.
You better think twice
Surfshark’s cybersecurity lead Aleksandr Valentij explains in more detail the risks users face when they overshare their personal data:
“First off, oversharing your data can lead to increased spam," Valentij said. "But that’s just the tip of the iceberg. If your data ends up leaked on the dark web, you’re at risk of phishing, spear phishing, ID theft, cyberstalking, or a takeover of your online accounts.
“Just think twice before giving away your data, and refuse to provide it if you don't think it's necessary. For example, if an online service provider requests your physical address, but they don't actually need it to provide their service, don't share it. Instead, you can provide an alternative address or leave it blank if you can.”
Valentij contends that the same goes for app permissions: some apps ask you to share your live location at all times, which, in most instances, isn't necessary.
“Think twice before granting an app any permission, and feel free to decline them. When it comes to data privacy, vigilance is always key. Don't blindly trust companies to keep your data safe, because Surfshark's data breach research reveals that's often not the case.”
Disclaimer: no data was actually collected during the event. As a cybersecurity company, Surfshark takes user privacy very seriously, and this is reflected in its no-logs policy.