I work in the anti-fraud department and the main task is to ensure the security of operations. Prior to that, he worked at Sberbank and caught a big data leak from the inside in 2020.
Let’s start with a basic question – how exactly does any IT company store your data? The answer is quite simple – in the database files on the hard drives on the server. And fundamentally, this is not much different from storing any text file on your personal computer. All access restrictions start from the physical inaccessibility of the server for the employee and end with access restrictions, password-protected accounts and other methods of restricting access.
As a rule, there is a division of environments – into production and test. A very limited number of employees have access to the production environment and their access must be carefully moderated. Most developers, testers, and analysts have access to the test environment.
Answering the question – how exactly did a Yandex.Food employee manage to get to the data from the database, we can assume several options.
The first and most prosaic one is that at some intervals the data from the production database is copied to the test environment in order to be able to test on data that is as close to real as possible. But there is a catch here – before such copying, self-respecting companies perform the procedure of depersonalization of sensitive data, such as phone numbers, first name, last name, etc. If the data was downloaded from the test database, this may mean that there are no depersonalization mechanisms, or they do not work correctly.
The second way how data can be carried away outside the company is directly unloading from the production database. But if this is the case, then a large number of questions immediately appear – how did the support team miss this. Because a large one-time data upload provokes a large load on the database and it is quite difficult to miss such a jump on the charts.
More exotic methods are possible – during equipment maintenance, disks with unencrypted information came to an unscrupulous employee who handed them over to someone who could understand what data was stored there and how to get it. But more often than not, everything is much more prosaic.
Is it possible not to give your data to a corporation and store personal information only on a smartphone? The short answer to this question is yes, you can. It is quite possible to store all personal information on the phone, and send some kind of anonymized token to the server. However, in this case, some functionality will be lost. For example, you are connecting from a new device and you will need to enter all your personal data. And also, do not forget that Yandex is analyzing data to optimize its recommendation and advertising algorithms. You can analyze “impersonal” user data only if you have it on your side. Plus, storing user data on the device will increase the amount of memory that the application will take up and the amount of network traffic for non-obvious functions where your information will be needed on another device. That is why it is not profitable for companies to store user data remotely on devices.
How can you protect the database using modern technologies? In fact, everything necessary has already been invented and implemented. Data encryption is available, splitting the database physically into different servers, so that even access to one element does not give access to the entire data picture. The questions are how exactly to assemble the system so that it is convenient to use and it is safe.
Unfortunately, the security of a system is calculated by the weakest link in the system. And the weakest and at the same time irreplaceable link is a person.