Have you been pwned?
Last week Troy Hunt publicised that a spam list of 711 million user records including email addresses and passwords had been leaked.
“Just for a sense of scale, that’s almost one address for every single man, woman and child in all of Europe.”
Obviously this isn’t the first (and unfortunately) it won’t be the last time data has been breached, however this is one of the biggest by far.
Below we explain why its important to check if your data has been leaked and how to perform those checks.
So why should I care?
One look at the list of Pwned websites (websites that have been breached – which they know about) shows the type of data that has and can be leaked. With every data breach more of your personal data is being leaked and can be pieced together by bad actors to access your online world.
With this data bad actors can perform a number of attacks such as (but not limited to):
- Phishing – Attackers now know that you use a service and so have a great advantage when sending you mail pretending to be from that service in an attempt to trick you into sharing sensitive information such as passwords, usernames, and credit card details. We can all identify spam mail from a bank we don’t use however it’s harder when the sender is someone we know.
- Password Reuse – A lot of these data breaches involve passwords as well as email addresses. The first thing that attackers will do is try and log into other accounts using the same login details from the breach. Being aware of what has been released at least give you a fighting chance if you have used the same credentials elsewhere.
- Whaling / Spear phishing – If you are unlucky enough to have had your data breached a number of times then it is easy for attackers to start to build up a profile for you. Specifically targeted spam e-mails can be sent to you and are much more likely to get past your subconscious mail filter. These can have life changing outcomes as recent conveyancing scams where thousands have been stolen from individuals has shown.
This week Deliveroo are warning customers over vulnerable passwords and there website hasn’t even been hacked:
“While Deliveroo’s website has not been breached or hacked, the firm has identified a number of customers whose email addresses were compromised in data breaches on other websites.”
How to check if you are affected?
Information is power, not just for the attackers but for you too. By knowing when you have had a data breach (through no fault of your own) you can protect your brand and your business better.
- Individual email addresses – Sign up to Have I Been Pwned Notifications to check your email address and get notified if data associated with that e-mail is breached again.
- Domain owners – Sign up to Have I Been Pwned Domain search to check your domains. Subscribe so that you get notifications should anything else go public in the future.
How can we help?
Being aware of what’s going on with your domain is important as its your online presence to the world.
Dogsbody Technology maintenance packages all include reputation alerts for your IP addresses and domain name/s checking over 200 blacklists to ensure your IP’s aren’t blacklisted or showing up where they shouldn’t. Contact us to find out how we can help protect your brand as well as your servers.
Feature image by bonjourpeewee licensed CC BY-SA 2.0.
Leave a Reply
Want to join the discussion?Feel free to contribute!