What to Do If Your Data Is Included in a Leak

Data Leaks

Data breaches and leaks are now, unfortunately, becoming a regular occurrence and can happen to any business or individual. One of the biggest leaks only happened recently when 533 million Facebook records were released.

Even if you weren’t affected by that one, you may still be at risk as there is no easy way to know if your information has been leaked. When a business is hacked, it typically sends a notification letting you know there has been a leak, but this isn’t guaranteed. Going into the dark web yourself to check is also not recommended  (it is difficult to find and dangerous to access – which is why the bad guys like it).

A good idea to navigate to Have I Been Pwned (https://haveibeenpwned.com) to see if your email address or phone number is on any data breach files. This website isn’t conclusive though, but it can help.

Even, if you’re not sure if you have been a victim of a data leak, you should take some simple steps:

1) Limit your sharing on social media

It is simple to share on social media – that is part of the fun. You share the pictures of your wedding day or anniversary, or your new house with its address. You’re filling in family and friends in your life, right?

Well, if you are using any of that information to create access credentials, you are sharing too much. Someone with a beloved cat called “Petunia” in every photo who uses the feline’s name as a password gives hackers an edge.

You might think you are sharing harmless information, but those birthday party photos posted on the big day are a clue to your identity that hackers can exploit.

2) Don’t Use Your Social Media Accounts to Login to Other Sites

It may be convenient to use your Facebook or other social media account to sign in to connected applications, as it is easier to remember But you are increasing the risk of account compromise.

The hacker may access the third-party application and use that as a stepping stone to get into your social account and any other accounts using those same credentials.

3) Use Unique Passwords / Passphrases

Yes it is true, people still use “12345678”, “password” and other easily guessable passwords? If you are one of them, stop now! We have said it before, and we will say it again and again: use unique passwords for every one of your accounts. Yes, it is more to remember, but it helps cut the risk of a data breach causing a domino effect and effected all of your online accounts.

You can use a an online service such as 1Password or LastPass or a onsite application like KeePass to manage your many passwords.

4) Use Multi Factor Authentication (MFA)

Enabling MFA or 2FA is a must for all your online accounts as it makes it far more challenging for hackers. Now, they will need to obtain access not only to log in credentials but also to your personal device. However, since phone numbers are often included in a data leak, this isn’t the best solution. If the hacker has your name, address, and birthdate from the Dark Web, they can take over your phone number, too. They call the company and say, “I lost my phone. Can I get another SIM card.” Then, they are the ones to get those verification codes via message, not you.

Even better, use a 2FA app to confirm your identity. AuthPoint, Authy or LastPass are good authenticator apps. After you attempt to log in, you will need to enter a time-sensitive code generated by the app to complete your access.

5) Develop an Alter Ego

Having an email account to be a burner account for social media can be a good idea. You could also use a fake birth date, a fake school and other alternative facts to fill out the social profile (but record down what you have used).

Do not use this account to fabricate personal details for an employer, a financial or educational institution. But you might use a fake identity for entertainment, gaming and social sites that bad guys may mine for your personal data.

Do you need help securing your online accounts? Our tech experts can help. Contact us today!

Leave a Reply

Your email address will not be published. Required fields are marked *