Has your email been hacked or breached?
One of the most common forms of identity theft is email hacking, since email is frequently the portal to a person’s life on the internet. The main reasons thieves may want to hack into your personal account are that they want to control your email, send emails as you and see what businesses you communicate with, or that they can see your credit card issuer and other information and take over the credit card account, changing the address on the account and requesting that a new credit card be sent to their address.
Have I Been Pwned? (HIBP) is a website that allows anyone to check if their personal data has been compromised during known data breaches. The service collects and analyses dozens of database dumps and pastes containing information about hundreds of millions of leaked accounts, and allows users to search for their own information by entering their username or email address.
Users can sign up for notifications if their email address shows up in future database dumps. The website has been widely recommended as a useful source of security and privacy. As of March 2016, Have I Been Pwned? receives more than ten thousand daily visitors. As of October 2016, the site has 800 thousand active email subscribers and contains records of 1.8 billion accounts from over 150 data breaches.
What should I do?
Step 1: Change your password.
Pick a strong password for your email account that is not related to any prior password.
Try using a meaningful sentence as the basis of your new password. For example, “I like to eat bagels in the morning” turns into “IL2eBitM” using the first letter of each word in the sentence, mixing uppercase and lowercase letters and replacing the word “to” with “2”. Eight characters is the minimum, and if you can include other characters like # $ % £ ! etc., all the better. If you want something even stronger, try https://strongpasswordgenerator.com/ for a really random password.
Step 2: Enable two-factor authentication
Set your email account to require a second form of authentication in addition to your password whenever you log into your email account from a new device. When you log in, you’ll also need to enter a special one-time use code that the site texts to your phone or that is generated by an app.
Check out two-step authentication setup instructions for Gmail, Microsoft’s Outlook.com and Hotmail, and Yahoo!.
Step 3: Run a full device scan with your anti-virus
Run a full scan with your anti-virus and/or anti-malware program – even if you use a Mac (you are not immune!). Scan other computers you log in from, such as your work and home computer. If any of your scans detect malware, fix it and then go back and change your email password again (because when you changed it in step #1, the malware was still on your computer). Always keep your anti-virus up to date; this enables the software to detect the latest types of malware that can attack your devices.
Step 4: Implement preventive measures
Don’t allow hackers to break into your accounts again. You can start by avoiding suspicious phishing emails, and the links and attachments found in them. This goes for social networks and instant messaging accounts as well. Clicking on ambiguous links or posts can ultimately lead to phishing pages or the download of information-stealing malware. A recent one that is going around is the baidu[dot]com link in Skype. A thread on Microsoft’s Skype support forums reveals this has been occurring to hundreds of Skype users since at least August. Breached Skype accounts are used to send thousands of spam messages before they’re locked and the owners have to regain access. More on this over at The Verge.
Whenever possible use secure and private networks. This can help prevent hackers from getting into your device. In the cafe on wifi? Is it a secure connection? Are you sure? Don’t ever do your online banking on a public network.
Limit your exposure on social networks and the amount of information you display in public.
Bookmark trusted websites, including online shopping sites you frequently use. This will prevent you from accidentally landing on the wrong website where hackers could slip malicious code or links that take you to sites that phish for information.
Step 5: Close unwanted/unused accounts
Got an old social media account that you don’t use anymore? Close the account. It removes another avenue for hackers to get your information.