There is usually a news article about a company being hacked and the details of end users like you and me being released all over the web. Pretty scary stuff when you think about it. Your passwords, emails, birthdays, addresses and often the secret ‘questions’ and answers – mother’s maiden name, birthday suburb… I think you get the idea.
But how many of these hacks actually apply to your own personal data? Or, if you are a network admin, to how many people on your domain?
Thankfully it’s very easy to see – Troy Hunt, who is a Regional Director for Microsoft along with being an international expert on web security, has a simple site called “have i been pwned?”.
Whenever there is a data dump of users’ details, ‘Have I Been Pwned’ collects just the email addresses and can notify you if yours was part of the hack, along with the type of information that was stolen – passwords, usernames, birthdays and so forth. The website doesn’t hold those details.
Unfortunately, however, those details are already public.
You’ve searched for your details and something has come up. What do you do next?
- Change all your passwords. If you use the same password or a variation of one password across many resources, this is especially important.
- Check your credit record. In Australia you have a legal right to get a free copy of your credit history. Check for anything that seems unusual, and call the banks immediately if you find anything.
- Question what other websites you have accounts with. Are there any you can close? If you close them, email the company and ask them to scrub your information. Most will oblige; some may not, but it is worth asking.
- Sign up for notifications – Sign up for the notifications on the ‘have i been pwned?’ site. You will get an email every time your email address shows up in a hack somewhere. If you are a domain admin, set a notification for your whole domain.
- Change how you do passwords – If you have a Mac, let Keychain automatically generate and save a password for any web accounts you have. This way they are all unique. Or consider using a program like 1Password or LastPass.
- Set up two-factor authentication – Facebook, Apple, Google, WordPress and banks let you add a second factor, either via SMS or a generated code. Set this up! The 4-second inconvenience when you log in could save you thousands, not to mention the years it can take to get your life back together after identity theft.
It only takes 2 minutes!