Staying safe online is not rocket science. Be careful, don’t get involved in fishy sites, don’t install stuff you don’t want to, etc. It all comes down to common sense for the most part.
But it is still possible for you to do everything correctly and carefully, and still find yourself victimized by cyber wrongdoers through none of your fault. Yes, the bad guys are smart, and they know their craft. One of the weaknesses they like to detect and exploit is data breaches and data leaks.
Data Breach. What Is It?
A data leak happens when private data entrusted to an online business becomes available to the public, or at least to an actor that was not supposed to have it. It usually results from criminal activities such as hacks, but lousy security policies and practices on the part of the business can also account for them. An unprotected database is a golden gift for a hacker who can spot it and knows what to do about it.
Once a wrongdoer has a hold on such a database, he can trigger heaps of trouble for its victims, especially when it comes to the following items:
- Passwords and usernames. Saving passwords as plaintext is one of the stupidest things data admins can possibly do. Consider that no server in the world keeps a user list like that; the passwords are always encrypted or stored as hashes. The security in a hash can be very strong or relatively weak, depending on the particular one you choose – but it’s still much better than plain text. In any case, a weak hash can be cracked more or less quickly so that a cybercriminal can start stuffing himself with new credentials to find out what he can do with them on other sites.
- Email addresses. As security threats go, this one is mild. If your email falls into the malicious hands, you’ll start getting more spam, which is a pain in the ass but hardly dangerous unless you fall for a phishing scheme or cooperate yourself in other ways.
- Personal details. It’s hard to imagine how important your home address, birthday, phone number, or other personal information can be until somebody misuses them against your will. The worst-case scenario is complete identity theft.
Data leaks do not happen all the time, but they do occur, which can be very harmful. Even tech’s bigger boys have suffered from data leaks (AOL in 2004, Yahoo in 2014, Facebook in 2008.) The Facebook hit affected the access tokens of 50m users. The hackers had access to the profiles and private information of all those people.
The press loves hacking news. And they’re not wrong. The more significant data breaches can harm millions of people at once, so headlines are fast to appear in the media. The datasets eventually find their way into some select internet forums, and some services are looking for that information for integrating them into their databases. The good news is that good guys are also doing it to find out if you are affected. Here are two such services you can consult to calibrate your situation:
- haveibeenpwned.com. This platform will tell you in seconds if you are a data breach victim. Just provide your emai, and the site tells you if it’s compromised or not, and what was the leak or leaks that did it.
- HPI Identity Leak Checker. HPI stands for Hasso-Plattner Institute’s Identity Leak Checker. It also utilizes your email for figuring out if any of your private information or vital stats are out there on the web. After searching with your email ID, you’ll get a table informing you on your account compromisation and what types of details are published somewhere on the Internet.
Compromised password lists are for credential stuffing. So if your account was included in a data breach, the first thing to do is change that account’s password. If you use that same password in any other service (which is a bad security practice in the first place), then you should change it too.
It goes without saying that having a unique password for each account you have on any service will go a long way in keeping your digital peace of mind and saving you some hassle if the shit hits the fan. Yes, it can be bothersome to memorize so many passwords and so many usernames. But there are good, safe password managers in the market that can help you with that.
If, because of the leak, you’re getting too many spams, phishing, or extortion emails, just ignore them. No, there’s not much else you can do about it.
Data breaches are not new. They pre-date the Internet by centuries. But, as it happens with everything else, the Internet puts the new century’s data breaches on steroids, so they’re bigger, stronger, and more dangerous than ever before.
But they come with the new digital territory in which we all live, so we have to learn how to live with them because they won’t be going away.
Fortunately, the tools exist to find out if you have been affected and act accordingly to keep your privacy and safety protected.
Enjoy your online activities and stay safe!