Have I Been Pwned? – Dealing with the Recent Email Data Breach
January 22, 2019
In recent years, online privacy has moved to the forefront of discussion because of the overwhelming number of privacy issues the average consumer faces. With large corporations being excessively careless with sensitive information, it is no surprise when larger breaches are announced. Unsurprisingly, the most recent data breach has been called one of the “largest data breaches ever”, and there is a chance that you were included in this leak and could be at risk if you share the passwords used on the leaked accounts with other accounts.
Unfortunately, the lack of reporting on the breaches has put most accounts in greater jeopardy than if the breaches had been reported when they occurred. The leak has been traced back to over 2,000 leaked databases, which makes it more extensive than if it had come from a single site.
How Much of an Issue Is a Password Leak?
When a site is compromised for account information, it is generally caused by a careless employee or a careless database setup. This claim can be backed by the recent Sony breach that occurred in 2014, which allowed terabytes of data to be compromised, including major motion pictures and millions of account log-ins. This attack seemed to be targeted at the movies only, but when rifling through the information hackers found a folder named “password” that included a master list of account emails and passwords, which was quickly taken in the breach. This wasn’t the last of the careless breaches, and it certainly won’t be the last we will see in our lifetimes.
One of the most dangerous breaches, the Equifax security breach, was entirely preventable: the web application Equifax was using was simply out of date and could have been updated. Equifax neglected to do just that, and through an exploit found in the out-of-date version, millions of individuals’ Equifax log-ins were leaked. These log-ins provided access to information in the users’ accounts, including first and last name, address, and Social Security number.
Another large breach is the Yahoo data breach (or Verizon data breach) of 2016, which expanded to all 3 billion accounts on their platform. This included first names and last names but luckily no financial information. This was done through simple phishing emails targeted at Yahoo employees until one with enough account access was caught. Once inside, the hackers installed a backdoor to negate the risk of ever being kicked off the secure servers. It is urgent for all Yahoo members, no matter how long they have been members, to change their email password to avoid any big compromises.
Lastly, Marriott was recently in the news for a breach dating back around 4 years that affected about 500 million accounts, including financial, personal and sensitive information that has since been leaked online. With this information withheld from the public for so long, there has been a lot of room for all the accounts to be scraped and gone through for every piece of information that could either be sold or maliciously used. It is recommended to contact a credit monitoring provider to have an assessment of your credit history generated to see if any malicious activity has been reported.
How Do I Know If I’ve Been Breached?
Information is power when it comes to mitigating the damage caused by a large leak of sensitive information, but companies’ neglect to report a data breach could put you in a tough spot if your name is at the top of the list and months have gone by. This is why you are able to purchase identity protection from multiple companies that offer to actively monitor your email address for any disruptions or for its discovery as part of a breach. Paid tools, though, are not always necessary to monitor this activity. Services such as the Have I Been Pwned password and email checker have been released to the public by Microsoft’s web security expert Troy Hunt.
The website Have I Been Pwned provides you with a free email address search when you load the initial site. Once you have provided your email, the site will load within seconds a visual report of all the breaches you have been involved in. In addition, it will also provide a quick summary of each breach. The list will also show information from compromised sites, which will indicate what leak you were potentially compromised in. It’s important to remember that the breakdown isn’t as in-depth as services such as Credit Karma. The benefit of using Have I Been Pwned is that it’s a quick reference tool that can be referred to at any time.
If you are looking for a more in-depth breakdown, setting up the free Credit Karma identity monitoring option will allow the service to notify you via email if you are found in any of the active breaches. This service also provides you with all the active passwords found during the individual breaches and warns you which ones to avoid using. The only downside is that this service is not instantaneous and needs to be enabled to work over time. But once it’s on, there is no need to turn it off, as it always monitors in the background. This new service also provides a free Equifax data breach check that will allow you to stop any unauthorized movement on your credit accounts unless provided permission by the credit owner.
I’ve Been Compromised, Now What?
If you have found yourself to be compromised in several of the recent attacks, the first thing to do is not to panic. Calling the individual companies will not provide you with the solutions you need, as you’ll just receive answers evading the issue (unless it is a bank’s website). The best thing to do would be to change your password, create a new free email address, such as a Gmail address, and switch the account email to the new one. If you can justify it, creating a new account will allow you to mitigate the harm that could be caused by the old one, as the old account will just remain dormant with no new activity.
Setting up the previously mentioned Credit Karma identity monitoring tools will allow you to actively monitor the new email address you set up. But it is important to go back and change the passwords for all your previously existing email addresses. Provided are guides that show you how to change your email password for the most common email services: change Yahoo password, change Verizon email password, change Comcast email password and change Outlook password.
Can I Prevent This from Happening?
Unfortunately, there is little you can do to prevent this overall for your main email addresses, but if you are signing up for a service you will only use a single time, the best thing you can do is to set up a temporary email address. You can do this through Gmail and have a “burner” email address that provides no real information but can be used as a log-in for other sites. Another option would be to create an expiring email address that only lasts for a set amount of time. One of the most popular of these is 10 Minute Mail, a service that provides you with exactly what it says – an email address that expires after 10 minutes. This way, even if the site were to be breached, there is no way for any of your personal information to be grabbed.
For websites requiring purchases or subscriptions, a recent service called Privacy.com was created to allow you to link an existing card to one of their secure virtual cards with a randomized credit card number. This way, instead of putting your real card information into these websites, you will be putting a fake provided number into services such as Netflix, Spotify, and Hulu. If your information is ever stolen from these websites, the individual will not be able to do anything with the stolen credit card number.