New Zealand's top spy boss has issued a stark warning to Kiwis about how they're using the internet, while another expert has labeled social media data gathering as the "greatest scam of all time".
Government Communications and Security Bureau (GCSB) Director-General Andrew Hampton appeared in Patrick Gower's new documentary On Cyber Crime on Tuesday, where he spoke about how privacy was becoming out of New Zealanders' control through the use of social media.
"There are companies who hold way more information about individuals and businesses than the bureau would ever be able to access and I suspect it's only going to increase as well," Hampton said.
"Once something's online, it's outside of your own direct control."
And it's not just vulnerable people under threat - but all New Zealanders.
'This is a scam'
In the world of social media, big international data companies are having a huge influence - with Google and Facebook being in the top 10 biggest firms in the world. They've made billions of dollars through the use of people's data.
Last year Facebook, now known as Meta, made $115 billion.
"Really, this is a scam," said Gehan Gunasekara, a privacy law expert at the University of Auckland. "In my opinion, it's the greatest scam of all time. These companies have, essentially, been taking the data from us without compensating us.
"What we've allowed is these companies to come into our most intimate settings and to know our most personal secrets and that's a real worry.
"In my opinion, a lot of that data is being taken from people without their consent."
What happens when that data is stolen?
Private information people put online is getting out through massive data breaches and attacks by criminals.
For cyber criminals, the first place to look for stolen information is the dark web - which sells everything from people's passwords to drugs.
Cyber crimes aimed at Kiwi businesses and infrastructure mainly come from criminal gangs or groups in other countries that have some level of support from their governments, such as China and the rising threat from Russia.
The GCSB deals with attacks of "national significance".
"Last year, we recorded 404 incidents that met that threshold for us to be focused on them," Hampton said. "Of those, 29 percent were linked to state-sponsored actors - about 27 percent were sophisticated criminal groups."
Experts say the more New Zealanders put themselves online, the more vulnerable they become to such attacks.
"[There is] more remote working, more people providing services online, more people relying on the internet to stay connected and that's all really great stuff, but what that also has done is increased the attack surface of the country hugely," Hampton explained.
Low-level criminals, international hacker cartels and even countries are coming after New Zealand's cyber security - like the attack on the Waikato District Health Board last year - there's not much that can be done about it.
And with many people spending a huge amount of their lives online, it was impossible to know who to trust.
"In this new environment, it's much harder for people to know how they can secure themselves against intruders," Gunasekara said.
"The internet needs to have safety built-in and not leave it to us to figure it out."
