Rarely a day passes by without another data breach hitting the Internet – if you have an account on any website, chances are that your digital identity has been stolen or at least there were attempts to steal it.
While we have covered how to prevent being impacted by data breaches in the future (we have even discussed how to secure MySQL!), we have not yet covered what you should do after a data breach. This blog post will explain what should you do in such a scenario. Keep in mind that this blog post will not cover everything, but it will be a good starting point.
If you are a frequent visitor of BreachDirectory (or any cyber security websites for that matter), chances are you already know what a data breach is, but if you do not, here’s a simple explanation: a data breach is a security incident where information is accessed and stolen without authorization. The data is then frequently stolen and it might later be used in identity theft attacks. To secure yourself against data breaches, run a search on BreachDirectory and let the data breach search engine check if any of your accounts are compromised. Then, if any of your accounts appear in any data breaches, make use of the My Account Appears in a Data Breach section. If none of your accounts appear in any of the data breaches, make use of the My Account Does Not Appear in any Data Breaches section.
In general, after you have figured out that your account is affected by any data breach, you should perform the following steps:
In general, after you know that your account is affected by a data breach, you first want to identify the source and the extent of the data breach. This can be very easily accomplished by using tools provided by BreachDirectory: our search engine can easily let you know if your account appears in any data breaches that are in our system.
After you have identified the source and the extent of the data breach, your next step should be to determine what data was stolen. Again, this can be easily accomplished by using tools provided by BreachDirectory.
After you know what data was stolen from what source, you should change all affected passwords. When you change your password, keep in mind that attackers frequently search for passwords that can be re-used to breach other information systems in the future.
It might also be a good idea to consider switching email providers – using a trustworthy email provider can be another way to stop a data breach.
Finally, you should take further steps to better protect yourself and your assets. This can include reading cyber security blogs (BreachDirectory’s blog can be a great resource), seeking out information and simply applying the actions you think are necessary, visiting cyber security conferences, reading whitepapers etc.
After you have successfully secured your account, it is a good idea to continue monitoring the presence of the account in any other data breaches by using the services provided by BreachDirectory. Also consider using two-factor authentication: two-factor authentication only grants access to a website or an application after authorizing the user by something that he knows (for example, his password) and something that he has (for example, a phone or something else). Two-factor authentication is also sometimes called 2FA and 2FA can help you avoid becoming the victim of identity theft even if the cyber criminal knows the account details you use to log in to certain services.
The actions that you should take after you know that you are impacted by a data breach vary according to the data that was stolen in the data breach, but in general, you can protect yourself against data breaches by using unique passwords across all of the information systems that you use (reusing passwords across multiple information systems is the primary cause of identity theft) and being careful about who you provide what details to. If you know that you’re signing up for a service that you will not use for a long time, it is a good idea to register under a pseudonym (a pseudonym helps you to remain anonymous), register using an anonymous email address (for example by using the one provided by Mailinator), also consider using a VPN or a proxy service.
A hacking group related to North Korea is exploiting a zero-day in the Chromium browser…
What are crypto bubbles, how do they form, and should you worry about them? Learn…
Is the crypto-engine.pro blog legit and should you trust this resource? Learn here!
Reside in Brazil and found that your Twitter account suspended? There’s a good reason for…
This blog covers the recent Black Hat USA 2024 (DEFCON 2024) conference and digs into…
The CEO of Telegram and Telegram Web, Pavel Durov, has been released from custody and…