You’ve probably heard about multiple data breaches at big companies in the news, with the most recent victim being LinkedIn. These breaches typically include large databases that feature usernames, email addresses and passwords for these services.
Whilst the passwords are typically hashed (scrambled with a one-way algorithm), sometimes the algorithms used are weak and the hashes are easily cracked to reveal the actual password in plain text. This becomes an issue when the same password, or a variation of it, is used for other services, e.g. PayPal.
As these databases are readily obtained on the internet, someone could attempt to access other common services using these details for their financial gain (and to your financial loss!).
Luckily, there’s an easy way to check if your account name or email address is part of any of these data breaches thanks to Troy Hunt. Troy is a Microsoft awarded professional, author, blogger and international speaker. Out of his own pocket, he has developed the website https://haveibeenpwned.com.
(Pwn - Verb - Slang: To totally defeat or dominate, especially in a video or computer game. Intentional misspelling of ‘own’. Most likely from the common mistake of typing the letter ‘p’ instead of the ‘o’ on a traditional keyboard.)
The site allows you to type in your username or email address, which is instantly searched across a number of publicly available data breaches to see if it is present in any of them. If it is found in one or more of the breaches, the site will list each one with a bit of information. There’s also a handy ‘Notify me’ function that allows you to add your email address, which will then be checked against new breaches; if it is found, an alert will be sent to your email.
So what should you do if your account is found in one of these breaches?
First, change the password on any service that uses the same password as the one breached. Then change any other passwords that are the same across multiple services, and make each one unique.
There are free password managers such as LastPass that can help with multiple complex passwords and help you keep track of these.
Finally, a quick reminder on secure passwords! Make them unique and don’t reuse them. See https://resolve.co.uk/blog/article/how-to-create-a-secure-memorable-password and http://cyber.uk/passwords/