Many service providers offer encryption in transit (HTTPS connection) and encryption at rest (data is stored encrypted on the servers). However, this does not prevent third parties from accessing sensitive user data. For example, company employees, selling data for advertising purposes or a server attacked by hackers.