You’ve probably heard about multiple data breaches at big companies in the news, with the most recent victim being LinkedIn. These breaches typically include large databases that feature usernames, email addresses and passwords for these services.
Whilst the passwords are typically hashed (encrypted with an algorithm), sometimes the algorithms used are weak and are easily reversed to reveal the actual password in plain text. This becomes an issue when the same password or variations of this are used for other services, e.g. PayPal.
As these databases are easily obtained on the internet, someone could easily attempt to access other common services using these details for their financial gain (and to your financial loss!)
Luckily, there’s an easy way to check if your account name or email address is part of any of these data breaches, using this website https://hacked-emails.com/. This allows you to type in your username or email address, which will instantly be searched across a number of publically available data breaches to see if this is present in either of them. If this is found in one or more of the breaches, the site will list each one with a bit of information.
So what should you do if your account is found in one of these breaches? Initially, any services that use the same password as the one breached should be changed. Then any other passwords that are the same across multiple services should also be changed and made unique.
There are free password managers such as LastPass that can help with multiple complex passwords and help you keep track of these. Finally, a quick reminder on secure passwords! Make them unique and don’t reuse them. See https://resolve.co.uk/blog/article/how-to-create-secure-passwords for advice on how to created passwords that take 552 Quadrillion Years to hack.