How to know if your email or phone number has been hacked (and what to do about it)

A website you use has suffered a data breach. Now what?

How safe are your online accounts? In July, Twitter experienced a data breach that affected more than 5 million users.1 A recent U-Haul hack exposed customers’ driver’s licenses.2 Marriot will continue to go on into the foreseeable future.

With how often these large-scale data breaches happen, you might be wondering if your personal or sensitive information has ever been compromised—or even worse, your business. Luckily, there are a few easy-to-use tools that can help you determine if any of your accounts have ever been involved in a data breach, but first, let’s dive into what’s at stake.

Why are data breaches a big deal in the first place?

If a data breach involves credit card or social security numbers, the potential impact of identity theft can be devastating and immediate. However, not all cyber attacks rise to that level of catastrophic impact, so it might be natural to wonder why it matters if Facebook or whoever accidentally leaks your account details. Worst-case scenario, you get locked out of social media and have to reset your password, right? Wrong.

Because the vast majority of people reuse passwords and don’t enable two-factor authentication, any hack can mean dire consequences for the average person. If one of your logins is compromised due to a data breach on one site, reusing passwords can allow attackers to get into your accounts on other sites as well. That means any site that has financial information or is tied to a credit card or bank account is then at risk. For example, if you use the same login credentials across multiple sites, having your TacoBell.com account hacked could result in a cybercriminal wiring money from your bank account or buying things for themselves on PayPal.

One of the worst-case scenarios with reusing passwords is an attacker gaining access to your primary email account. That’s because password reset emails are generally sent to your inbox. Therefore, if someone gets access to your primary email account, they can change your password on any site they want.

To summarize the risk, a data breach could lead to identity theft or online accounts becoming compromised. To minimize the headache, it’s better to know sooner, rather than later, if one of the websites you use has been part of a data breach.

How to find out if you have been involved in a data breach

Luckily, there are a few online tools that can quickly tell you if your email address or phone number have been involved in a data breach. These sites will then provide you with more information about the breach and even provide guidance about next steps. In the interest of not playing favorites, here are 3 popular sites that will get the job done (and are essentially identical).

1. haveibeenpwned?
2. FireFox Monitor
3. Google Password Checkup (only if you use Google/Chrome’s password manager)

My email address has been involved in a data breach, what do I do? First, don’t panic! Or maybe choose the appropriate level of panic. Either way, immediately change your password on the affected site, as well as any other site that shares the same login credentials.

A best practice for this would be to generate a secure password using a password manager, and continue using the password manager here on out if you’re not already. Chrome and FireFox have built-in solutions. If you want something that works beyond the web browser, there are password managers from established names such as LastPass, Nord, and Bitwarden.
These utilities can take the headache out of remembering passwords, while ensuring each password you do use is secure.

Second, enable 2-factor authentication everywhere you can. Any financial entity like a bank or payment app is almost guaranteed to have this feature. Your primary email accounts are also just as important to secure, and the biggest names you know and likely use also support 2-factor authentication. It doesn’t hurt to check on your other accounts, too, the next time you login. Every website will be a tiny bit different in enabling two-factor authentication, but they always have simple instructions you can follow.

Running a business? You might need a little more protection than a password manager and two-factor authentication. That’s where amshot comes in. Schedule a free consultation today to see how amshot’s managed IT solutions can help prevent your business from being the target of a cyberattack.

References

1. Twitter data breach affects 5.4 million users
(https://www.malwarebytes.com/blog/news/2022/08/twitter-confirmed-july-2022-data-bre
ach-affecting-5.4m-users)
2. U-Haul discloses data breach exposing customer driver licenses
(https://www.bleepingcomputer.com/news/security/u-haul-discloses-data-breach-exposin
g-customer-driver-licenses/)
3. Marriott data breach exposes PII, credit cards
(https://www.darkreading.com/attacks-breaches/marriott-data-breach-pii-credit-cards)