No, that headline is not an attempt to scaremonger. There is a very large chance that your personal data has been leaked online at some stage. Unfortunately, large leaks of personal data have become far too common. Soon after data leaks make the headlines, they are forgotten about. We wanted to find a way of making the risks real, so I thought I’d offer myself as a sacrifice.
Easily check if you have been involved in a data leak
Checking if you’ve been involved in a data leak is extremely easy. In fact, it’s so easy it would be a great phishing scam. You visit ‘have I been pwned’ and pop in your email address. You should be alarmed by such a system, but to allay your fears I’m going to let you use my personal email address – firstname.lastname@example.org.
Once you enter the email address, it’s checked against a database of internet users’ data that has been leaked on the likes of GitHub or the deep web over the years. As you can see from my results, it’s not great news. While I consider myself to be rather careful online, some of the services I use are not. I have had my personal data leaked five times. I’m sure you’re thinking “he must be on awful ropey sites” but they are likely sites you’re on yourself.
Let’s go deeper.
Services that have leaked my data
The online CV has become a popular way of showing the world how great you are at your job. LinkedIn provides the perfect place to show yourself off to potential employers. It’s also home to one of the biggest and most recent data leaks. In May 2016, LinkedIn had 164 million email addresses and passwords exposed. The data had been compromised back in 2012 before appearing in the deep web four years later. While the passwords were encrypted, they were easily cracked in the days following the leak.
If you used LinkedIn it might be a good idea to head on over to ‘have I been pwned’ and check if you were one of the 164 million people affected.
Everybody’s favourite way of saving old memories until it gets full just to be forgotten about. Dropbox is popular with many as huge amounts of storage were given as perks with smartphone purchases. Unfortunately, Dropbox left the back door open one day in 2012. Like LinkedIn, four years later, customer data began to emerge online leading to the resetting of 68 million passwords to protect customer data.
Stop for a moment and consider the risks here. Smartphones were automatically adding every picture you took to a cloud server. Some lads in the middle of nowhere paid a couple of Euro and they could access everything. If you are signed up to Dropbox, we strongly advise changing your passwords and checking to see if you’re involved on ‘have I been pwned’.
Interested in the other three services where my data was leaked online? Head on over to ‘have I been pwned’ and type in email@example.com.
What to do when your data has been leaked online
First things first – remain calm. There have been millions of others affected. You have about as much chance of winning the Euromillions as you do of having your data picked from the LinkedIn hack. With that said, you do need to take immediate action. I personally know I have registered for a few services that offer a “Log in with LinkedIn” option. All of those accounts have now been compromised.
Change your password for the service
It’s important that the password is complex to avoid it being worked out. The most secure form of protection is to not use a password at all. Edward Snowden, a man who has a fair bit of experience in the area of personal data and the likes, recommends switching to a passphrase.
Instead of using a password made up of letters and symbols, you use a passphrase, which is much longer and easier to remember. Take Edward’s example in the above video – margaretthatcheris110%SEXY. While obviously ridiculous, this gives a huge amount of security while remaining easy to remember.
Change all your passwords
You know you shouldn’t do it, but you use the same password for lots of different services. Well, now it’s costing you. Your data has just been made public. Should you be the chosen one, would-be hackers will attempt to use your leaked data to access other platforms. If your password for LinkedIn is the same as Facebook, that’s another account compromised. You can probably remember the last time you used Facebook to log into a service, right? It’s a big deal if that account is compromised.
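The chain reaction described here, and in the earlier remark about “Log in with LinkedIn” accounts, worked through as an added example that is not part of the original article: starting from the breached services, it follows password reuse and social sign-in links to list every account that needs attention. The inventory format, the `password_id` labels and the function names are assumptions made for illustration, and the sample data is constructed.

```python
from collections import deque

# Constructed sample inventory (not real data). "password_id" is an opaque
# label, e.g. from a password manager export: two services with the same
# label share a password. "sso" names the provider behind a "Log in with ..."
# button. No actual passwords are stored or needed.
ACCOUNTS = {
    "linkedin": {"password_id": "pw-A"},
    "facebook": {"password_id": "pw-A"},
    "dropbox": {"password_id": "pw-B"},
    "forum": {"password_id": "pw-B"},
    "webmail": {"password_id": "pw-C"},
    "bank": {"password_id": "pw-D"},
    "jobsboard": {"sso": "linkedin"},
    "musicapp": {"sso": "facebook"},
}

def exposed_accounts(accounts, breached):
    """Return {service: reason} for every account reachable from the breached
    services through a shared password or a social sign-in."""
    reasons = {s: "breached directly" for s in sorted(breached) if s in accounts}
    queue = deque(reasons)
    while queue:
        current = queue.popleft()
        pw = accounts[current].get("password_id")
        for name, info in accounts.items():
            if name in reasons:
                continue
            if pw is not None and info.get("password_id") == pw:
                reasons[name] = f"shares a password with {current}"
            elif info.get("sso") == current:
                reasons[name] = f"signs in through {current}"
            else:
                continue
            queue.append(name)  # keep walking: exposure can chain onwards
    return reasons

def rotation_plan(accounts, breached):
    """Split exposed accounts into passwords to change and sign-ins to review."""
    exposed = exposed_accounts(accounts, breached)
    change = sorted(s for s in exposed if "password_id" in accounts[s])
    review = sorted(s for s in exposed if "sso" in accounts[s])
    return change, review

if __name__ == "__main__":
    for service, why in exposed_accounts(ACCOUNTS, {"linkedin"}).items():
        print(f"{service}: {why}")
```

With only LinkedIn breached, the walk still reaches Facebook through the reused password and then the app that signs in through Facebook, which is why one leak means changing more than one password.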
Should you be using the service at all?
They just showed you how little they care for your data, so should you still trust them? It can be tough for a social media platform like LinkedIn, but Dropbox has alternatives like Google Drive. To date, they have no data leaks so surely they are more deserving of your trust?
Please do check out ‘have I been pwned’. If you’re lucky enough to have made it this far without your data being leaked online, you can set up an alert. Your personal data online should be given the same level of protection that you would give your bank details or PPS number.