What’s the Difference Between Hackers, Malware, and Data breaches

When you use ProtonVPN to browse the web, your Internet connection is encrypted. By routing your connection through encrypted tunnels, ProtonVPN's advanced security features ensures that an attacker cannot eavesdrop on your connection. It also allows you to access websites that might be blocked in your country.

What’s the Difference Between Hackers, Malware, and Data breaches


We’ve all read about various forms of cybercrime and its various levels of impact. Oftentimes we hear about a company whose network has been compromised, leading to the loss of sensitive information. But that’s just one scenario out of many. For example, just exactly who is a hacker and what’s the difference between malicious hacking and ethical hacking? And how do you define what happens after a successful hack? Is it a data breach or a security incident?


Before I dig in further to make sense of it all, there are three simple categories into which all of this comes together: those who break in, what they use to break in, and what happens after a break in.
Who is trying to break in to your accounts?

  • Malicious hackers: A person or a group of individuals who make a concerted effort to break into an organization’s network or a personal computer or device to do harm of some kind. They are often in it to make money and work somewhere in the Dark Web. These individuals are called Black Hats. Malicious hackers can also be those who have been tasked, as citizens or otherwise, to instigate a nation state-sponsored attack meant to disrupt operations or steal information from a government organization or company in the private sector within another nation-state.
  • Hacktivists: A person or group of people who might either break in, or simply knock on the front door to prove they could break in if they wanted to. Hacktivists are not in it to make money. Their goal is to promote a personal or organization’s agenda, or affect social change. Basically, a hacktivist wants to make a point that networks and computers are not impervious to their attacks, and what they can view, extract, and share may be information they feel should be shared publicly. For example, Wikileaks is a well-known hacktivist group.

  • Ethical hackers: An ethical hacker, sometimes called a security researcher, will work to find and exploit a vulnerable piece of technology (aka a vulnerability). These individuals often identify a software or hardware flaw and inform the vendor that something needs a patch. For example, LastPass has a bug bounty program where security researches can responsibly report any issues they find. When valid issues are found, we offer rewards proportionate with the severity of the issue. This is a great way to keep your product strong and safe.
    What are they using to break into your accounts?

Software in the form of executable code or a script that has been programmed to break into a network or computer, to cause harm or not, has many names and forms. The overarching term for this is “malware” which is shorthand for “malicious software”.


Malware essentially activates itself once it gains entry through a vulnerability. The code itself has many names and variants including virus, worm, ransomware, adware, and Trojan Horses. Missing from the list is “bug” because it is a flaw (or mistake) that made its way into existing software or hardware by the engineers who programmed it.
What happens after your accounts have been compromised?

We hear “data breach” in the news associated with companies like Marriott and others. A data breach is an after-effect of a security event or incident. From a legal perspective, what it is called makes a very big difference.

  • Security event: This is when something has occurred that presents a security risk to any degree of severity. It is essentially a noticeable change in the typical behavior of network, system, process, or computer. It can range from a normal event that does not require a response, to an emergency event which requires immediate action.
  • Security incident: The difference between an event and an incident is human. An incident is something that can be determined to be caused by a person or group of people. An incident can become a serious situation when it is determined that there is malicious intent behind it. As a point of clarification, all incidents are a form of an event, yet not all events constitute an incident. For example, when there is a defect or flaw (aka our friend the bug) there may be a technical failure as a result. This is a random event, and not an intended, malicious one.
  • Data breach: This is a type of security incident where sensitive information has been exposed and stolen due to unauthorized access. An organization that has suffered a data breach is bound by regulations such as HIPAA to inform those who have been affected by the loss of their personal information such as credit card numbers or patient health information (PHI).
    How to Keep from Getting Broken Into

There are dozens of technologies and associated processes that layered together to reduce the amount of risk to a reasonable degree. Gone are the days where an organization can comfortably say they are safe from attack. Nowadays it is more about knowing an attack will happen, determining acceptable levels or risk, and focusing on the areas that are most vulnerable.


Consumers can do a number of things to raise our awareness and get educated. This can include understanding what a phishing email looks like or being diligent on hacking prevention and data security.{Source}Leah Bachman, LogMeIn Ireland



My thoughts


One of the best ways to protect yourself is with a VPN. There is not just 1 solution, it requires layers of security to be secure. But, good core technology and minimum protection level should always be a VPN. This is true for any platform. What’s nice about the VPN below is that its multilayered security in one package. This is very rare in this industry. Why sell many layers that are less expensive, when you can charge the customer again for another layer. Click on the link below, it’s 100% safe. They have a free version. Please give it try regardless of what type of device you are using. Also, the better VPN providers offer only a trial free version. They protect your data up to ”X” amount of megabytes (MB). Once you go past that limit, you are not protected. This free version is free, unlimited, and for all your devices. I’ll recommend this VPN over all others and I’ll say the same in 6 months or a year away. They are currently working on a project with Mozilla and another project with WireGuard, the next generation of VPN technology.

Click below if you are serious about protecting your data, identity, and online privacy.

Secure Core Swiss VPN plus TOR Project Anonymous Technology