Want a fright? Go to Have I Been Pwned and enter your email address. Click “pwned?”. Take a deep breath and don’t panic because most, if not all, of your email addresses will result in “Oh no — pwned!”, which means your email address has been compromised in a data breach at one time or another. Scroll down to see “Breaches you were pwned in”, which reveals when and from whom your data was snaffled. It also describes what data was breached!!!
I do this every so often and it’s an eye-opener to see how many sites have been breached and my details swept up. The data ranges from my email address to my encrypted password (my ENCRYPTED password?!)
In my latest ‘masochistic’ foray, my personal email address had been breached – 7 times. The list of breaches included big names such as Adobe, Dropbox and LinkedIn. Adobe was possibly the most worrying as the compromised data included Email addresses, Password hints, Passwords and Usernames. That’s pretty much everything then. The breach occurred in 2013. Just as well I’ve changed that password since then…
And it’s not just the sale of our details and access to our accounts that the hackers use to wheedle money (well, bitcoins in this case) out of our coffers. Victims can receive extremely unpleasant emails, in which a password, new or old, might be cited. Just knowing that someone with nefarious intent has this sort of information makes us understandably very uneasy. If they know that one, do they know others?
These email messages can seem very personal and uncomfortably intrusive, especially as they threaten exposure of the victim’s alleged discreditable behaviour, such as visiting an unseemly website, evidence of which will be forwarded to the victim’s contacts. The sender offers to forestall this if the requisite amount of bitcoins is paid by a certain date. Some of these emails even include a support address to help facilitate the bitcoin transfer!
So what can we do? Well, some breaches revealed by ‘Have I Been Pwned’ will have taken place long ago and if you change your password reasonably regularly – and use good, strong passwords – you won’t have much to worry about. It’s absolutely worth using a password manager.
I use KeePass, which helps because there is no way I can even type – let alone remember – the complex passwords I now use. I have to copy and paste them in – it’s the only way. A pain perhaps, but there’s no way I’d ever trust any of the many websites I have to log into to hold the fortress against hackers indefinitely. Oh, and that’s why we – and most of our clients – use a private cloud, too.
If two-factor authentication is available through the site you use, then do use it. MailChimp has an easy method for this and offers a small discount for customers that use it. Other defences include changing your password regularly, never using the same password twice, and using complex passwords. Here’s a good article by those geeks at How-To-Geek: https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/.
So, consign that ubiquitous ‘password1234’ password (oh, c’mon, who doesn’t use that?) to the bin. It might be handy, but you’re leaving the door wide open.