You’re Handing Out Your Data Like Cheap Candy — Web3 Can Stop It
“Your data could still be at risk from hacks at Marks & Spencer, Co-op, and Coinbase weeks ago — take control with Web3,” says Ronnie Huss.
A Digital Wasteland: Data Leaks from Cracked Servers, but Web3’s Vault Offers Hope
A few weeks back, my inbox delivered a gut punch.
Marks & Spencer: “We’ve been hacked.” My name, address, and order history — gone.
Days later, Co-op confessed hackers snagged data from millions of members.
Then Coinbase dropped a bombshell: bribed employees leaked sensitive user info, with losses projected up to $400 million.
And just when you thought the bleeding stopped, a massive dark web data dump — billions of stolen records — hit the underground, fueling fraud, phishing, and identity theft.
I wasn’t just a victim. I was complicit.
Every “free” app, cookie click, and loyalty signup was me tossing personal info like cheap Halloween candy to Big Tech and cyber gangs.
You’re probably doing the same.
But there’s a way out — and Web3 is the door.
🍬 The Data Candy Trap
Your data isn’t just stolen. You’re handing it over. Google tracks your 2 a.m. breakdowns. Meta logs who you ghosted. Hackers snag your home address — because companies like Marks & Spencer, Co-op, and Coinbase store it on centralized servers, ripe for the picking.
Spilling Secrets: Web2’s Candy Bowl Feeds Big Tech and Hackers in a Neon Nightmare
The stats are staggering:
In 2024, 2.6 billion personal records were exposed globally.By May 2025, breaches at Marks & Spencer, Co-op, and others contributed to billions more, with a dark web dump of 1.2 billion Facebook records alone.The cost? Identity theft, financial fraud, and social engineering scams are skyrocketing, with losses in the billions.
Take Marks & Spencer: The DragonForce ransomware gang used social engineering to trick support staff into resetting logins, encrypting systems across 1,400 stores and stealing millions of customer files.
Co-op’s breach exposed personal data of current and former members after attackers reset an employee’s password.
Coinbase? Insiders were bribed, leaking names, addresses, and partial bank details for 69,461 users, with remediation costs estimated between $180 million and $400 million.
This isn’t random. It’s a Web2 design flaw. Centralized servers are hacker honeypots — and you’re the prize.
🩻 Case Study: When Data Goes Nuclear
Breach Fallout: Marks & Spencer and Coinbase Crumble in a Dystopian Data Explosion
Marks & Spencer, April 2025
DragonForce ransomware struck, exploiting social engineering to reset internal passwords.
Impact: 9.4 million customers’ names, addresses, and order histories compromised. Stores paralyzed, online systems offline, and £43 million in weekly losses.Dark Web Fallout: Stolen data is now traded, fueling fraud and phishing scams.
Co-op, Spring 2025
Hackers, tied to the Scattered Spider group, used social engineering to breach Active Directory data.
Impact: Personal info of millions of members exposed, with disruptions lingering for weeks.
Coinbase, December 2024 — May 2025
Bribed overseas support agents leaked user data — names, addresses, partial bank details, and ID images — for 69,461 accounts. Hackers demanded a $20 million ransom; Coinbase fought back, offering a $20 million reward for the culprits’ arrest.
Impact: Costs could hit $400 million for remediation and reimbursements. Lawsuits pile up, alleging delayed disclosure and weak security.
The Fix?
Had these companies used decentralized storage like IPFS, Filecoin, or Ceramic, no central vault would’ve existed to raid. Data, sharded and encrypted, could’ve stayed in users’ hands. Breaches? Harder. Damage? Minimal.
This isn’t just their failure. It’s Web2 crumbling under its own weight.
⚠️ Why Web2 Loves Your Candy
Web2 thrives on surveillance.
Centralized servers hoard your data. Ad-driven platforms package and sell it. Hackers cash in when breaches hit.
2025 Snapshot: The Coinbase breach mirrors Web2 vulnerabilities even in Web3-adjacent firms, with bribed insiders exposing sensitive info.Dark Web Boom: Billions of records — names, addresses, SSNs — from M&S, Coinbase, and beyond now trade like candy, risking real-world fraud and even physical robberies, as seen post-Ledger breach in 2020.
You’re not a user in this system. You’re inventory.
When breaches hit, you get a “sorry” email. Hackers get your life.
🛡️ Web3’s Data Wallet: Flip the Script
Your Shield in Chaos: Web3 Wallets Lock Data in a Fractured Digital World
Imagine this: You control your data like it’s cash.
Web3 delivers self-sovereign identity and storage:
Web3 Wallets: Tools like Ceramic, uPort, or MetaMask let you hold encrypted data — your name, ID, or history — and share only what’s needed, revoking access anytime.Decentralized Storage: Filecoin and IPFS shard your data across global nodes, encrypted by blockchain tech. No single point of failure.Verifiable Credentials: Prove who you are without oversharing — think digital IDs you control, not a company’s server.
Real Impact:
No central honeypot for hackers to target.You decide who sees your address or payment history — retailers like M&S get only what’s essential.Breaches like Coinbase’s lose steam when data isn’t pooled for insiders to leak.
Web3 isn’t utopia. It’s a better design — permissionless, encrypted, and user-first. Your data becomes your vault, not Big Tech’s candy bowl.
⚔️ How to Stop Being Big Tech’s Candy Jar
Don’t wait for your breach email. Act now:
Audit Your Apps
Check Google/Apple settings. Revoke unused app permissions. See what’s tracking you.
Try Web3 Tools
Install MetaMask for crypto and identity.Explore Ceramic for self-sovereign data.Use Brave, a privacy-first browser.
Switch to Decentralized Platforms
Test Lens or Farcaster for social media that respects your control.
Stay Vigilant
Post-breach scams spike — phishers use stolen data to trick you.Never share 2FA codes or passwords.
Educate Others
Share this article. Awareness is your first shield.
📊 Infographic: Web2 vs. Web3
🧭 The Ronnie Huss POV
I’ve built token economies, AI-native SaaS, and decentralized apps. One truth stands out:
Web2 gave us speed. Web3 must give us sovereignty.
Data is power. The 2025 breaches — Marks & Spencer, Co-op, Coinbase — prove it: 69,461 users hit, billions of records dumped, and costs soaring past $400 million. You’re not just at risk of fraud; real-world threats like robberies loom when addresses leak.
Web3 isn’t perfect — adoption lags, UX needs polish — but it’s a rebellion. Blockchain, decentralized storage, and self-sovereign wallets shift you from passive inventory to active owner.
This isn’t about privacy for privacy’s sake. It’s survival on a digital battlefield.
The candy’s been stolen. Grab the bowl back. Join the fight.
💬 Let’s Stay Connected — Signal Over Noise
If this lit a spark — a new perspective, a burning question, or a call to act — let’s keep it rolling.
👉 Follow me for essays, frameworks, and raw frontier thinking:
🧭 Blog: ronniehuss.co.uk
✍️ Medium: medium.com/@ronnie_huss
💼 LinkedIn: linkedin.com/in/ronniehuss
🧵 Twitter/X: twitter.com/ronniehuss
🧠 HackerNoon: hackernoon.com/@ronnie_huss
You’re Handing Out Your Data Like Cheap Candy — Web3 Can Stop It was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.