How To Find Out If You Have Been Hacked, Who May Have Your Data & What To Do About It
Unless you’re a newborn, your digital footprint — that is, the data you are sharing online with companies and service providers — is littered all over the web. Even if you don’t see it on your timeline or profile, it is still out there, somewhere in the ‘cloud’. As they say, there is no ‘cloud’, it’s just someone else’s computer. Even in the face of the rising cases of data breaches, privacy and security concerns, trying to scrub all your personal data from the Internet is a Sisyphean task.
In Greek mythology Sisyphus or Sisyphos was the king of Ephyra. He was punished for his self-aggrandizing craftiness and deceitfulness by being forced to roll an immense boulder up a hill only for it to roll down every time it neared the top, repeating this action for eternity.
Data Breaches By The Numbers
The first six months of 2019 saw more than 3,800 publicly disclosed breaches exposing an incredible 4.1 billion compromised records — a 54% increase over the preceding four years.
In 2016, 95% of breached records came from the government, retail, and technology sectors. Currently, a cyberattack occurs every 39 seconds and by 2021, it is estimated that a business will fall victim to a ransomware attack every 11 seconds. It takes, on average, 7 months to identify a breach and around two and a half months to contain a breach.
With 90% of malware coming from emails and only 5% of a company’s folders said to be protected, company-wide changes have to be implemented to improve overall security behavior. In the rapidly evolving field of data security, it’s vital that business owners stay informed of all potential issues.
Use haveibeenpwned To Find Out Which Breaches You Were Pwned In
Have I Been Pwned is one of the oldest and most popular sites for checking whether you have an account that has been compromised in a data breach. According to the site, one of my email addresses and password were found in the mid-2012 Dropbox data breach which exposed the stored credentials of tens of millions of their customers. Three other breaches put in the open my name, job titles, employers’ details, physical addresses, phone numbers, social media profiles, date of birth, gender and IP addresses.
Use Avast Hackcheck
As an alternative to haveibeenpwned, you can use Avast’s hack check. It will check if your password has been leaked and send a report to your email. For me it confirmed most of my compromised data that haveibeenpwned had found. But what was more surprising was the fact that in the details of a breach on Netlog (formerly known as Facebox and Bingbox), which I don’t remember ever interacting with, they actually had my email and password and stated that these were being sold on the dark web.
Know Your Personal Data Protection Rights
You have the right to find out if an organization is using or storing your personal data. If so, they are obligated to inform you of this and, if you want them, to give you copies of your data in an accessible form. You can also choose to limit the way they use it, or in some circumstances object entirely to the processing or use of your data by requesting that they delete it. And if you feel that the data that any organization has on you is not correct, you are allowed to raise a concern, challenge the accuracy of the data and get it corrected.
Scan Your Devices
Even if your personal data was compromised in a data breach, start off by scanning your computer or phone for viruses and malware. Run a security scan of your computer using a reliable antivirus program and malware detector, which can help you find and eliminate any programs lurking on your hard drive, waiting to do more damage. Even phones nowadays have antivirus applications which you can install and use. Look through your devices for any suspicious applications. Check for apps that you don’t remember ever installing that may have come as bundleware and uninstall them. Google also has Play Protect in the Android Play Store that checks to see if any apps that you are installing or have installed are safe.
Change Your Password
Once your device is free of malware, it’s time to change your password. Take this opportunity to change the passwords on all similar or related accounts. Even if you didn’t use the same password, you could still be in trouble. This may be tedious but you have to remember that a hacker who has control of your email account will quickly seek your other accounts, social media, perhaps, or worse, shopping and banking accounts. This can be easily achieved by requesting a password reset which is mostly done by clicking on a link that is sent to your email address.
Do not reuse the same password across multiple sites! You may need a password manager for this. ‘123456’ and ‘password’ are the two most commonly used passwords on the web. Use a password manager to generate and keep your passwords safe. The new password should be markedly different from your old one and should not contain strings of repeated characters or numbers. Each password should be unique to its account, complex — a mix of letters, numbers and special characters — and at least 15 characters long.
Stay away from passwords that are obviously tied to your name, birthday or similar personal stats since hackers can easily find these by doing a bit of research on you online, and often use this in their first attempts to access your account by answering your security questions. Most users answer “pizza” to the question “What is your favorite food?” So change your security questions. If you’re allowed to define your own security questions, do so, and choose strong questions — ones only you could answer. If you’re forced to choose from set questions like your mother’s maiden name, to be safe, don’t use a truthful answer but make sure you will remember whatever you choose.
Security questions alone are not enough; use the multi-factor authentication that many providers offer for access to your account, including secondary email addresses or text messages.
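The password rules above (at least 15 characters, mixed character types, no repeated runs, no personal details, markedly different from the old password), written as a checker and a generator. This is an added example, not part of the original article; the function names, the three-character run limit, the 0.6 similarity threshold and the special-character set are assumptions of the example.

```python
import secrets
import string
from difflib import SequenceMatcher

COMMON = {"123456", "password"}   # the two most-used passwords named in the article
MIN_LEN = 15                      # minimum length recommended in the article
SPECIALS = "!@#$%^&*()-_=+[]{}"   # assumed set of special characters
ALPHABET = string.ascii_letters + string.digits + SPECIALS


def check_password(new, old="", personal=()):
    """Return the list of rules the password breaks; an empty list means it passes."""
    problems = []
    low = new.lower()
    if low in COMMON:
        problems.append("commonly used password")
    if len(new) < MIN_LEN:
        problems.append("shorter than 15 characters")
    has_letter = any(c.isalpha() for c in new)
    has_digit = any(c.isdigit() for c in new)
    has_special = any(not c.isalnum() for c in new)
    if not (has_letter and has_digit and has_special):
        problems.append("needs letters, numbers and special characters")
    # A run of three identical characters such as "aaa" or "111" (assumed limit).
    if any(new[i] == new[i + 1] == new[i + 2] for i in range(len(new) - 2)):
        problems.append("contains repeated characters")
    # Name, birth year and similar facts that can be researched online.
    if any(len(fact) >= 3 and fact.lower() in low for fact in personal):
        problems.append("contains personal detail")
    # "Markedly different" is measured as a similarity ratio (assumed threshold 0.6).
    if old and SequenceMatcher(None, old.lower(), low).ratio() > 0.6:
        problems.append("too similar to old password")
    return problems


def generate_password(length=20, old="", personal=()):
    """Draw candidates from the OS CSPRNG until one passes every rule."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(candidate, old, personal):
            return candidate
```

A password manager's built-in generator does the same job; the checker is useful for auditing passwords you chose by hand before you keep them.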
Sign Up For Breach Alerts
Avast Hackcheck, Breach Alarm and many others offer to keep an eye on your email addresses. You will receive automatic email alerts anytime your password leaks in future breaches. When you receive the notification you can change your password immediately, to prevent opportunistic hackers from accessing your accounts.
Utilize The Mine Online Application
Mine is an Israeli startup that shows you which companies have your financial, identity, online behavior or social network data, and helps you get it removed. It tracks “digital footprints” and knows exactly what you have been doing.
If you want to “reclaim” any of that data — that is, remove it from the companies’ or services’ servers — you can send a “personal data erasure request” from the Mine dashboard.
Mine’s service is free for now, but requires that you do all the follow-up yourself.
The paid version, to be released, will handle all the back-and-forth on your behalf.