What Is a Data Breach? Have You Been Affected By a Leak?
The best protection against danger online is common sense. However, even if you do everything right, it's still possible to fall victim to cybercriminals, through no real fault of your own. One way that this can happen is through so-called data breaches / data leaks.
What Is a Data Breach?
Data leaks occur when private data, which you've saved with services or businesses online, is made public. This typically happens as a result of criminal activity, such as a hacker attack, but can also come about if a business or service doesn't exercise enough care or vigilance. Unprotected databanks are often weak points that are exploited in a stunningly efficient manner by cybercriminals.
Once a cybercriminal has gained access to your data, they can unleash a world of hurt, particularly in regards to the following:
Usernames and passwords
Larger companies don't typically save passwords in plain text, but rather as hashes. However, even though strong hashes do offer a considerable amount of security, weaker ones can be cracked, to say nothing of those services which save passwords in plain text. With such login information, cybercriminals can start credential stuffing, or using those same username/password combinations on other services in the hopes of prying them open.
If your email address winds up in the wrong hands, it can see your inbox suddenly become full of spam or extortion emails.
Of course, there is also a range of other personal data that cybercriminals can misuse, such as your home address, birthday, or phone number. With this, it's possible to steal someone's identity and engage in all sorts of fraud online.
Data leaks have impacted some of the biggest names online, from AOL (2004), to Yahoo (2014), to Facebook (2018). The last of these lost access tokens for around 50 million users, providing attackers with the means to glean entry to both profiles as well as private information.
Has My Data Been Leaked?
Especially when larger data breaches are made public, they quickly fill up the headlines, since they impact millions of people. Once the datasets start to appear on Internet forums, there are a number of services that save and integrate them into databases. These can then be queried, to see if your email address is included.
On Have I Been Pwned it's possible to ascertain whether you've been an unknowing victim of a data breach in just a matter of seconds. After entering your email address, the service will tell you not only if your email has been compromised, but also as part of which leaks.
HPI Identity Leak Checker
The Hasso-Plattner Institute's Identity Leak Checker uses your email address to determine if personal data (such as your address, birthday, or phone number) has been publicized online. After entering your email address, you'll receive a table that shows you when your account has been compromised, and which personal data associated with it was likely made off with.
What To Do if Your Data Has Been Leaked?
Password lists that have been publicized online are often used for credential stuffing. If your email account has been part of a data breach, you should therefore not only change the password with the service directly impacted but also for any other service using the same password.
To be on the safe side, it's also a good idea to have a different password for every online service that you create an account with. To save you the work that this would entail, you can use a password manager. In our EXPERTE.com evaluation, we took a closer look at 12 of the most popular providers on the market, to help you find the solution that best meets your needs.
For phishing, spam, or extortion emails, there's not much to do besides ignoring them, unless you want to create a new email address.
Data breaches have existed since the Internet first came into being, and unfortunately, don't look like ceasing any time soon. Luckily, in dedicated online databanks, you can find out if you've been impacted and take the necessary steps to shore up your digital defenses.
Secure and unique passwords are the best protection against cybercrime arising from data leaks. To help in creating and staying on top of these, we at EXPERTE.com recommend using a password manager.