While most online and cloud services use the latest security tools, their prominence also makes them enticing targets for hackers and other criminals. Why compromise just one account when you could access the data on thousands or millions of users at a time?
As such, popular services regularly fall victim to data breaches, where hackers uncover user data (possibly including username and password information, credit card and payment data, personal contact information, and more). Most services should (but not always) attempt to contact users in the case that their login data becomes compromised, but it’s never a bad idea to take data security into your own hands.
Have I Been Pwned?
The website ‘Have I Been Pwned?’ allows you to search any email addresses you have to see if they are associated with a data breach. If so, the site displays any services attached to that email account that have been compromised, along with general information about what sort of data was stolen during the event in question. Note that ‘Have I Been Pwned?’ does not give specific information about your account security; it will only let you know if the services you use have been compromised.
The site has a number of other features in order to help users maintain their account security. In addition to searching for breaches related to your email address, you can perform a search on passwords you use or your organization’s domain to determine if they’ve been compromised. It allows a user to set up email notifications in case a particular account is affected by a breach. Finally, the site offers a comprehensive list of breach events, which you can use to evaluate online services and their security history.
Next Steps
So what do you do if you have, in fact, ‘been pwned’? In this case, it is crucial to update the login credentials of those services as soon as possible, to prevent online criminals from accessing your account and making use of whatever data they find there. Furthermore, if you use a common password for all online accounts and services (which Nodal does NOT recommend!), we advise that you update those accounts as well. It would not take a hacker long to access other services under your name if he has your commonly-used login/email address and password; this is a practice known as ‘credential stuffing’.
If you find that financial information may have been compromised, take steps with your bank to guard against fraudulent charges made on your account or credit card. And as we discuss in our article on two-factor authentication, enabling 2FA on your accounts can keep your data secure even in the event that login credentials are uncovered by online criminals.
It’s important to take stock of your online security status, so we would recommend taking a look through ‘Have I Been Pwned?’ and verify that your accounts remain secure. If you have any questions about your account security or on how to maintain your login credentials, feel free to reach out to Nodal!