Data breaches are all too common in today’s world. Our whole lives are online.
We have accounts of every kind: shopping, banking, kid’s websites and games, video streaming, restaurants, among others. It’s staggering really.
With all these data breaches, what should I do after data breach?
Do we know what steps need to be taken, when your email or password is compromised?
Have you thought about how many websites you have had to give user names, passwords, and even financial information?
Let us dive in right away to see how to safeguard our data and the steps needed after a data breach.
Data breaches come in all shapes and sizes. Marriott Hotels recorded a data breach in January 2019 that included credit card numbers and passport numbers of over 383 million guests.
In August 2019, Facebook had 540 million breached accounts which exposed account information. The breach included user names, IDs, and passwords.
This all happened because this information was being kept on unprotected servers (1).
In November 2019, an employee at Trend Micro stole the personal data of over 70,000 of the firm’s customers and then used the information to scam the customers (1).
According to the FBI, there were 467,361 reports of complaints of personal and business data breaches including breached accounts and leaked emails in 2019. This added up to $3.5 billion of losses. Many of these breaches were caused by exposed accounts, email scams, hacking, and even extortion (2).
A data breach is when information is stolen or taken without the knowledge or authorization of a system’s owner.
Often breached data involves sensitive or confidential information like credit card numbers, addresses, social security numbers, bank account numbers, or customer information (3).
People who cause data breaches often use data from leaked emails and exposed accounts for various purposes:
Hackers are experts at finding ways to expose weaknesses in web browsers, operating systems, software, computers, or companies that store information. Data breaches occur for many reasons:
At least a few times every month there is news about breached accounts, exposed accounts, or leaked emails at businesses, banks, email servers, etc.
We may even be notified by our bank or credit card companies about a possible breach of their systems. Additionally, we may be able to find out if our data has been breached from the website of the company that had the breach.
Last year my credit card company froze my account when there was suspicious activity. I was so glad they caught it before more could be done to my account.
In the end, the company froze my account, reissued a new card, and put a “fraud alert” on my account.
We each have a responsibility to be vigilant to watch our accounts for any suspicious activity, regularly check in on my online accounts to watch for suspicious activity, exposed accounts, or breached accounts that the credit card company or bank may not catch.
I have to do this for all accounts I have online that have my personal information on them or sensitive emails in them.
It can be difficult to know if an email account has been compromised since email companies don’t necessarily track usage.
I do get updates from Google if my Google accounts have been accessed on different devices. It is a great way to help me know if I have a leaked email account and it has been accessed by someone else.
XposedOrNot.com is a great resource for knowing if an email account has been compromised in any way. All you need to do is enter your email and it tells you if you have an exposed account and all its related parameters.
Unfortunately, the odds are pretty high that we may be faced with compromised data, leaked emails, or exposed accounts since our information is out on the internet on so many websites and accounts.. So what can be done if my email has been compromised? What can I do if my information or accounts have been breached?
Computer technology and the internet are constantly changing. As technology changes, there are always issues that arise with security that can open people up to breached accounts.
Hackers and those who set out to steal information are quick to find and exploit weaknesses of email systems, operating systems, and web browsers.
It seems like an ever-evolving race as technology change the hackers are quick to adapt and then the technology companies rush to cover up any weaknesses, leaks, or other issues that may have been revealed by hackers and exposed accounts.
There are several things that we can do to help guard against internet and email weaknesses. Some of these things include:
Passwords are most secure when there it is at least 12 characters or more and consists of a combination of letters and numbers. Additionally, passwords should not be a common phrase like “password” or “mypassword” or familiar names associated with a person.
Associated names like nicknames, family member names, or other information may be easy to find using a simple search on social media sites.
If that information may be found there, then don’t use them as a part of a password. Instead, it is better if a password is random (9).
Email logins and passwords can be secured in many different ways. It is important to try to not overuse a password. Using the same password for many different sites creates open doors for a hacker to get into multiple accounts.
This adds to the level of security for the account (5). Two-factor authentication is when more information is required to verify identity to get into an account after already using a log-in and password.
This could be in the form of application like [Google Authenticator(Android & iPhone), Microsoft Authenticator, bio-metric scanners (usually used to get into a computer or phone), receiving a code via email or text message, etc.(8)
Operating system makers like Microsoft, Apple, Google, and others are regularly creating updates or “patches” to their operating systems to correct vulnerabilities. Every computer, mobile, and tablet has its own operating system.
All operating systems will have an option to automatically update whenever the company develops a new one.
As soon as it is available, it downloads directly onto the device and requires very little from the owner of the device.
This option should be turned on all of the time unless there is a specific reason not to.
If it is not turned on or you aren’t sure if your system is up-to-date, you can always manually update it or check if it is updated (7).
Companies that make web browsers will regularly create updates to fix weaknesses so that hackers won’t be able to get in.
All browsers have an option to turn on regular automatic updates.
If the option to automatically update has been turned off for any reason, it can always be started manually (7).
It is tricky how emails are sent and either use names of or names close to people we know.
It is easy to open emails thinking that it is from someone known but instead it isn’t.
If it is opened malware has then been opened up on the computer or device.
It is important to stay vigilant and wary of anything suspicious and not open it (9).
This is one of the easiest ways in which many are falling prey to scams. Avoid trusting a well-written email asking for your credentials or asking you to verify to claim a reward or gift.
Never respond to an email requesting information unless they are known and trusted by you.
Hackers are experts at telling good stories to influence people to give them information or money.
Billions of dollars every year are stolen through data breaches involving compromised emails, leaked emails, exposed accounts, and breached accounts.
As a consumer and a daily user of internet accounts, we need to take responsibility to do all that we can to make sure we don’t end up with any exposed accounts or leaked emails by hackers bent on stealing our information.
There are many actions that we can take if we have any breached accounts. We must actively communicate with the appropriate companies to make sure our finances and information remain safe even after a breach.
We must also change logins, accept help, monitor accounts, notify appropriate companies, and notify credit bureaus.
Before there are any breached accounts, though, it is important for us to do all that we can to prevent it.
We must better secure email logins and passwords, use two-factor or multi-factor authentication, use password managers, update operating systems and web browsers, and be vigilant about suspicious emails, scam emails, and suspicious websites.
Data security takes vigilance and time, but it is well worth the effort.
Exposed accounts and leaked emails can cost us a lot of time and money. Not just that, the pain of going through such unwanted transactions misusing our accounts is pretty heavy as well.
Question now is, how secure are your online accounts?
What are the ways and means in which you secure your accounts? Are there any areas or steps that can be done or focused for post data breach actions than the ones explained in here?
Please let me know in the comments.