The best protection against digital dangers is common sense. However, even if you do everything right, it's still possible to fall victim to cybercriminals. One of the most common ways that this happens is through so-called data breaches or data leaks.
What Is a Data Breach?
Data breaches or leaks occur when private data that you've saved with services or businesses online is made public. This typically happens as a result of criminal activity, such as a hacker attack, but can also come about if a business or service doesn't exercise enough care or vigilance. Unprotected databases are often exploited in a stunningly efficient manner by cybercriminals.
Once a cybercriminal has gained access to your data, they can unleash a world of hurt, particularly in regard to the following:
Usernames and passwords
Larger companies usually save passwords as hashes. However, even though strong hashes do offer a considerable amount of security, weaker ones can be cracked, to say nothing of those services which save passwords in plain text. With such login information, cybercriminals can start credential stuffing, or trying those same username/password combinations on other services in the hopes of prying them open.
If your email address winds up in the wrong hands, your can inbox suddenly become loaded with spam or extortion emails.
Of course, there is plenty of other personal data that cybercriminals can misuse, such as your home address, birthday, or phone number. With enough of this, it's possible to steal someone's identity and engage in all sorts of fraud online.
Data leaks have impacted some of the biggest names online, from AOL (2004) to Yahoo (2014), to Facebook (2018). The last of these lost around 50 million user access tokens, making it possible for attackers to access user profiles and private information.
Has My Data Been Leaked?
Especially when larger data breaches become public, they quickly dominate the headlines. Once the datasets start to appear on Internet forums, there are a number of services that save and integrate them into databases. These can then be queried, to see if your email address is included.
On Have I Been Pwned you can check whether you've been an unknowing victim of a data breach in a matter of seconds. After entering your email address, the service will tell you not only if your email has been compromised, but also where it was leaked.
HPI Identity Leak Checker
The Hasso-Plattner Institute's Identity Leak Checker uses your email address to determine if personal data (such as your address, birthday, or phone number) has been published online. After entering your email address, you'll receive a table that shows you when your account was compromised, and which personal data associated with it was likely stolen.
What to Do if Your Data Has Been Leaked?
Password lists that have been released online are often used for credential stuffing. If your email account has been part of a data breach, you should therefore not only change the password for that account but also for any other service that uses the same password.
To be on the safe side, it's strongly recommended to have a different password for each online account you have. To save you the work that remembering each of these would entail, use a password manager. In our comprehensive EXPERTE.com review of password managers, we tested 12 of the most popular solutions on the market, to help you find the one that best meets your needs.
For phishing, spam, or extortion emails, there's not much to do besides ignoring them, unless you want to create a new email address.
Data breaches have existed as long as the Internet, and unfortunately, don't look like stopping any time soon. Luckily, in dedicated online databases, you can find out if you've been impacted and take the necessary steps to enhance your digital defenses.
Secure and unique passwords are the best protection against cybercrime fuelled by data leaks. To help in creating and staying on top of these, we recommend using a password manager.