Once upon a time, security of our systems was up to us to manage. Choosing a more secure system against malware, making smart installations and regularly updates of the software, backing up data, hardening the OS and encrypting the disks was a good way to live secure with our data.
Today this scenario has changed or, better to say, extended. To be clear, all of the previous steps are today valid to build your local system but the reality is that only a little bunch of our data resides in our property memory devices.
A big part of our life is stored somewhere far away from us, managed by someone we don’t know in a system we miss the implementation design where happens things we are totally unaware of!
For many computer users this is not a problem because is clear that the security implemented by Google or Facebook is far better than the security unimplemented on their system. The problem is that they do not own physically their data anymore, they are only allowed to use and sometimes backup their data.
From the point of view of a pirate, is maybe harder to attack Google than you but Google or Yahoo or Facebook or Twitter are all well known target while often you are not!
Cracking BigG database would translate in the access to everyone’s emails stored in their user accounts. Once, when you have your mail on your computer, a pirate should attack your system or Mr. Brown’s system to access Mr. Brown’s emails. In the past, attacking a pop3 server didn’t affect the mails you’ve already downloaded, your past correspondence. Now, accessing to your online mailbox may reveal ten or more years of discussions, contacts and private informations.
Years ago PlayStation Network was cracked and the damage was not only related to gaming activities of the users involved but also in their sensible data like credit card number, usernames and passwords. These passwords (often stored in their hash counterpart) once cracked may reveal a keyword used to access to many services because users tend to use the same password or similar passwords for many logins. So a cracker burgling a wide database of passwords may access to a wide database of lives!
So today we need to trust to security provided by services we use but this should not be a blind trust. We already have responsibility in our data protection, preventing our identity and life to be stolen when corporation’s security fails. And this will be achieved by smart use of privacy technologies like cryptography, correct use of authentication systems ad using different passwords for different services.
Also, most important, put your data on the Internet but “only” what you need to access from the cloud. Do not abuse of the cloud and maintain your privacy.