What to Do If Your Data Is Included in a Leak
Data breaches are now daily occurrences and can happen to any business. The April 2021 leak of 533 million Facebook records was one of the largest known data leaks, but even if you weren't affected by that one, you may still be at risk.
There is no easy way to know if your information has been leaked. When a business is hacked, it typically sends a notification letting you know, but this isn't guaranteed. And you can't go in and check the Dark Web. It is difficult to find and dangerous to access, and that is why the bad guys like it.
It's a good idea to visit https://haveibeenpwned.com to see if your email address or phone number appears in any known data breach. This isn't conclusive, but it can help.
Even if you're not sure whether you've been a victim of a data leak, you'll want to take action.
There are several smart strategies to follow immediately.
#1 Limit your social sharing
It is simple to share on social media – that is part of the fun. You share the pictures of your wedding day or anniversary, or your new house with its address. You're filling in family and friends on your life, right?
Well, if you are using any of that information to create access credentials, you are sharing too much. Someone with a beloved cat called "Petunia" in every photo who uses the feline's name as a password gives hackers an edge.
You might think you are sharing harmless information, but those birthday party photos posted on the big day are a clue to your identity that hackers can exploit.
#2 Use Unique Passwords
Would you believe people still use "12345678" and "password" as their passwords? If you are one of them, stop now. We've said it before, and we'll say it again and again: use unique passwords for every one of your accounts. Yes, it is more to remember, but it helps cut the risk of a data breach at one site snowballing into disastrous consequences for you.
You might use a password keeper such as 1Password or LastPass to manage your many passwords. This is more secure than the password manager offered by your Web browser, although those are better than revising passwords or trying (hopelessly) to memorize them.
#3 Add Two-Factor Authentication (2FA)
Enabling two-factor authentication (2FA) makes it more challenging for the bad actor. Now, they will need to obtain access not only to your login credentials but also to your personal device. However, since phone numbers are often included in a data leak, codes sent to your phone number aren't the best solution. If the hacker has your name, address, and birthdate from the Dark Web, they can take over your phone number, too. They call the company and say, "I lost my phone. Can I get another SIM card?" Then, they are the ones to get those verification codes via text message, not you.
Better still, use a 2FA app to confirm your identity. Authy and LastPass are good authenticator apps. After you attempt to log in, you will need to enter a time-sensitive code generated by the app to complete the login.
#4 Stop Signing into Other Sites Using Social
Sure, it is convenient to use your Facebook or other social media account to sign in to connected applications, because you have fewer passwords to remember. Some of your data is automatically transferred, so signup is streamlined, too. Yet you are increasing the risk of account compromise.
The hacker may access the third-party application and use that as a stepping stone to get into your social account. That's where the trove of data is.
#5 Develop an Alternate Ego
It all sounds super spy, but you might open one email account to serve as a burner account for social media. You could also use a fake birth date, a fake alma mater, and other alternative facts to fill out the social profile.
Don't fabricate personal details for an employer, or a financial or educational institution. But you might use a fake identity for entertainment, gaming, and social sites that bad guys may mine for personal data.