Rarely a day passes by without another data breach hitting the Internet – if you have an account on any website, chances are that your digital identity has been stolen or at least there were attempts to steal it.
While we have covered how to prevent being impacted by data breaches in the future (we have even discussed how to secure MySQL!), we have not yet covered what you should do after a data breach. This blog post will explain what should you do in such a scenario. Keep in mind that this blog post will not cover everything, but it will be a good starting point.
If you are a frequent visitor of BreachDirectory (or any cyber security websites for that matter), chances are you already know what a data breach is, but if you do not, here’s a simple explanation: a data breach is a security incident where information is accessed and stolen without authorization. The data is then frequently stolen and it might later be used in identity theft attacks. To secure yourself against data breaches, run a search on BreachDirectory and let the data breach search engine check if any of your accounts are compromised. Then, if any of your accounts appear in any data breaches, make use of the My Account Appears in a Data Breach section. If none of your accounts appear in any of the data breaches, make use of the My Account Does Not Appear in any Data Breaches section.
In general, after you have figured out that your account is affected by any data breach, you should perform the following steps:
In general, after you know that your account is affected by a data breach, you first want to identify the source and the extent of the data breach. This can be very easily accomplished by using tools provided by BreachDirectory: our search engine can easily let you know if your account appears in any data breaches that are in our system.
After you have identified the source and the extent of the data breach, your next step should be to determine what data was stolen. Again, this can be easily accomplished by using tools provided by BreachDirectory.
After you know what data was stolen from what source, you should change all affected passwords. When you change your password, keep in mind that attackers frequently search for passwords that can be re-used to breach other information systems in the future.
It might also be a good idea to consider switching email providers – using a trustworthy email provider can be another way to stop a data breach.
Finally, you should take further steps to better protect yourself and your assets. This can include reading cyber security blogs (BreachDirectory’s blog can be a great resource), seeking out information and simply applying the actions you think are necessary, visiting cyber security conferences, reading whitepapers etc.
After you have successfully secured your account, it is a good idea to continue monitoring the presence of the account in any other data breaches by using the services provided by BreachDirectory. Also consider using two-factor authentication: two-factor authentication only grants access to a website or an application after authorizing the user by something that he knows (for example, his password) and something that he has (for example, a phone or something else). Two-factor authentication is also sometimes called 2FA and 2FA can help you avoid becoming the victim of identity theft even if the cyber criminal knows the account details you use to log in to certain services.
The actions that you should take after you know that you are impacted by a data breach vary according to the data that was stolen in the data breach, but in general, you can protect yourself against data breaches by using unique passwords across all of the information systems that you use (reusing passwords across multiple information systems is the primary cause of identity theft) and being careful about who you provide what details to. If you know that you’re signing up for a service that you will not use for a long time, it is a good idea to register under a pseudonym (a pseudonym helps you to remain anonymous), register using an anonymous email address (for example by using the one provided by Mailinator), also consider using a VPN or a proxy service.
Dive deep into ways to best index your data and learn how to mysql if…
Dive deep into ways to load big data sets into MySQL with BreachDirectory. From MySQL…
Can the SQL EXPLAIN statement be a DoS vector and how to mitigate this threat?…
What is Cross Site Scripting, how does it work, and how can developers prevent it?…
BreachDirectory explains the risks of compressed files with a password on them for your infrastructure…
There have been rumors about a data breach targeting Schneider Electric. Did a data breach…