Advait, author of Everyday Cybersecurity, a blog aimed at creating awareness about security and privacy.

Yet another data breach in the news..

If you have been following the news, chances are that you have come across two major data breaches in the last couple of weeks: the Facebook breach from back in 2019 and the MobiKwik breach. Both put a TON of sensitive user information in the hands of bad actors. And mind you, these are just the most recent examples; breaches are happening almost all the time. After reading this you may be thinking that this is just fear mongering and that we can’t stop these breaches from happening anyway, so what is the point?

The point is that even though we can’t stop the breaches from happening, we can follow some simple tips and guidelines so that when they happen, we remain unaffected by them for the most part. Let’s take a systematic approach and first look at whether our information was part of any breaches. Once we find that out we can then look at what our next steps can be.

How do I know if my data was leaked?

Luckily someone has thought about this problem before and done some excellent work to help us all. All you need to do is visit the website called Have I been pwned and enter your email address in the search field you see on the screen.

Have I been pwned

Notice how we are only entering our email and not any of our personal or sensitive information (date of birth, credit card no. etc). As a rule of thumb, always be extra extra cautious while entering these kinds of details and pay very close attention to where you are entering them.

Entering your email address tells you if it was part of any of the recent breaches. If the email exists in the database of any of the recent breaches, you should see something like this:

Pwned

If there is nothing for your email address, congratulations! You are doing great. But in my opinion that is highly unlikely if you have been using that email for a while.

Now you may be wondering, “Why should I trust this random site?”, and you are absolutely right to ask. You shouldn’t just take my word for it. Instead, please spare some time to go through the website’s about section to understand who the author is and why he started this website.

What can I do now?

Irrespective of whether your information is out there or not, these are some quick tips and tricks you can employ so that the impact of such breaches is minimized.

1. Reset password for compromised services or delete account from a service that you no longer use

If you read the results that we have above carefully, there is a section called “Compromised Data” at the end. Look carefully at what all it lists. Most commonly you will find usernames, passwords, and personal information like date of birth etc. in that section. The only actionable part for us in the above list is passwords (because we can’t change our DoB or phone number). You should immediately reset your password for the compromised service(s). If you are using the same password on several different sites (more on that later), you need to reset them all. But the best thing you can do is delete your account on a service that you are no longer using. That means you’ll have fewer accounts to manage and worry about.

2. Use a different password for each service you register to

In the previous posts we have looked at how we can set up passwords and why we should be using password managers to manage them. It should now be easy to set up unique passwords for all our services and manage them effectively.
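As an added example (not part of the original post), this short Python script applies tips 1 and 2 to a password-manager export: it lists every account whose password must be reset after a breach, including accounts that reuse the breached password. The CSV column names, the sample entries and the service names are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. The column names (service, username, password)
# are assumptions; rename them to match your password manager's CSV export.
SAMPLE_EXPORT = """service,username,password
shop.example,me@example.com,Summer2019!
forum.example,me@example.com,Summer2019!
bank.example,me@example.com,x9$Lq-unique-1
games.example,alt@example.com,Summer2019!
news.example,me@example.com,t7#Rw-unique-2
"""

def group_by_password(export_csv):
    """Map each password to the sorted list of services that use it."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_csv)):
        groups[row["password"]].append(row["service"].strip().lower())
    return {pw: sorted(services) for pw, services in groups.items()}

def reused_groups(export_csv):
    """Tip 2: sets of services sharing one password (the password is never returned)."""
    return [s for s in group_by_password(export_csv).values() if len(s) > 1]

def accounts_to_reset(export_csv, breached_services):
    """Tip 1: breached services plus every service reusing their password."""
    breached = {s.strip().lower() for s in breached_services}
    reset = {}
    for services in group_by_password(export_csv).values():
        hit = [s for s in services if s in breached]
        if not hit:
            continue  # this password was not exposed by the listed breaches
        for s in services:
            reset[s] = "breached" if s in breached else f"same password as {hit[0]}"
    return reset

if __name__ == "__main__":
    # "shop.example" stands in for a service named in a breach report.
    for service, reason in sorted(accounts_to_reset(SAMPLE_EXPORT, ["shop.example"]).items()):
        print(f"reset {service}: {reason}")
    print("reused:", reused_groups(SAMPLE_EXPORT))
```

A real export file holds plaintext passwords, so run this locally and delete the file afterwards.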

3. Don’t register if you don’t have to on a website

Every other website will ask you to sign up and create an account. They will say it’s simple and effective and has many benefits. But realistically if you are only going to use that service once do you really need to give them all your information? I don’t think so. Before you sign up to a new website or a service, check to see if what you are trying to accomplish is possible without registering on the website. This way you don’t have to give out any personal information or don’t have to manage another username and password which will eventually be breached.

4. Use a secondary email address to register to non-critical services

Some sites will not let you proceed without creating an account so what should one do in such cases? It is always beneficial to have a secondary email address that you can use on those sites. By using this secondary email on non-critical sites (gaming, restaurant delivery etc.) you are ensuring that your primary (and important) email and other details get shared as little as possible. Another important tip is that you don’t always need to provide your real birth date or other personal information to trivial websites. So feel free to use a pseudonym or alternate details on websites that are not critical to your day to day life.

5. Be careful when linking your primary email or social media to third party services

At some point you might have seen the “login with Gmail” or “login with your Facebook” button on sites. Those make it very convenient for you to register on new websites using an existing account. Though they make it super easy, always be mindful of what is being shared with the third party website when you use those options.

Sharing your data

Does all of that information need to be shared with a third party? Probably not. You can choose to edit and only share the required details with the third party service.

If you are still with me, great! We made it through the list of simple tips and tricks that you can employ to lessen the impact of data breaches. If you are a power user, you are probably aware of plenty of other things you can do, but for an everyday user this list is a great place to get started.

Before I end this, please keep in mind that the companies are under no obligation (legally, in India anyway) to inform us about data breaches. It is likely that we’ll never find out about many of them. Though we will never have control over what data is involuntarily collected from our digital presence, we can do our part by being aware of what information we are voluntarily sharing and with whom.

That’s all for today’s post. I hope you enjoyed reading this and found at least some of the information helpful. Please share this with your friends, family and all the uncles and aunties in your family WhatsApp groups :D