Hacking Is Out Of Control
Have I been Pwned? There have been serious data hacks in the past few months. Between SolarWinds, Facebook, and the less publicized Accellion, the leaks are widespread and damaging. On top of it, the information on what to do next is exhausting.
If you haven’t had a chance to see the damage of the most recent Accellion leak, you don’t have to go too far. Yesterday I read about the entire University of California system alerting its students, staff, and alumni about their compromised data. They had an action list that looked so similar to every other action list it was almost visual white noise.
And that’s what’s happening. There are so many hacks and so many breaches that we’re becoming desensitized. “Oh, who cares if they have my email,” you might say. For some people, it may never amount to anything. But there are repercussions.
Why You Need To Stay Diligent
Have you seen an increase in spam emails and calls? Have tons of text messages graced your phone telling you everything from your Amazon account to your social security number have been compromised? It’s a genius double whammy. First the hackers extort the company, then they send phishing attempts with the stolen information. If the company doesn’t pay, maybe they can extort something out of the individuals affected.
Some of these look really good too. USPS texts you updates on deliveries. And who hasn’t indulged in a little pandemic shopping spree? Getting a non-descript text telling you to check the link and enter your information may be all they need.
The spammy texts have gotten so good, I don’t even bother opening them any more. They may be legit. On the other hand, there’s a good chance they’re phishing. I’m very good at spotting and double checking phishing attempts, and even I don’t know some of the time.
Have I been Pwned by a Hacker – What do I do after a breach?
What To Do
You’ve probably already set up credit monitoring. There’s a chance you’ve even gone as far as to put alerts on your credit report. You may have gone in and changed all your passwords (please do this.) But what else could you possibly do?
How about checking to see what accounts have been involved in a breach? The site ‘;–have i been pwned? will check your email addresses and phone numbers for breach information. What does ‘pwned’ mean? Pwned, in this context, simply means that your account has been the victim of a data breach. The word itself takes its name from player-to-player messaging in online computer gaming. When one player is defeated, another might type out a message to say ‘You’ve been owned
If they find you out there on the dark web, they’ll let you know what site and when. My personal email, which is as old as the hills, has at least 11 hits on it. The site broke it all down for me. They told me what company (I’ve never subscribed to Home Chef but somehow my email was compromised in their 2020 breach) and the year.
There are other helpful tools on the site as well. They’ll check a specific password for you (change your passwords.) They’ll also send you alerts you can set if they find your information out there in the future. This site does for online credentials what credit monitoring does for your identity.
The Hassle
It’s exhausting that we have to do this. But with most security software companies pushing detection and response rather than prevention, we’re going to continue to have to mitigate our own monitoring. For the record, detection and response leads to all the follow up we just discussed. Prevention, on the other hand, is possible and is the better option. They’re pushing it so hard because their technology isn’t on par with prevention techniques.
So until the big companies hoarding your data get on the prevention train, you’re going to continue to be responsible for their mistakes. Keep pushing for more preventative approaches, keep monitoring your data, and, as always, keep safe.