Data breaches are rampant nowadays and have also put ordinary users like you and me at risk. Like the recently reported breach, compromised email addresses and passwords that are possibly used for work, social media accounts, and financial services, are left open to be used by cybercriminals. So if your accounts have been compromised, or “pwned”, what are the necessary steps that you should take? We hope this article can help you with that.
What is a data breach?
A data breach, by definition, “is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.” Data like your email addresses and passwords should not be exposed or released to the public or to any entity that can’t be trusted.
One big example is the recent data breach that exposes over 772 million email addresses and over 21 million passwords. The information is now being circulated online and sold to cybercriminals.
Is my email that valuable?
You might be thinking, “I’m just using my email address to keep in touch with people and send files.” But remember that you’re also probably using it for other services like Facebook, Twitter, Instagram, Netflix, Spotify, Lazada, Shopee, Dropbox, Amazon, Steam, even bank accounts.
If you’re using a single email address and password for all these accounts and happened to get exposed, then the attacker can simply change your password (assuming you don’t have 2FA activated), lock you out, access all your data, and use it for other malicious activities. For a cybercriminal, that’s gold.
How to know if my accounts are compromised?
One way of checking if your accounts are compromised is by using haveibeenpwned.com by security researcher Troy Hunt. It is a website that allows internet users to check if their personal data has been compromised by data breaches. The site allows you to separately check if your email address or password has appeared in data breaches.
My email address has been pwned, what should I do?
If your email address or password were identified as pwned, then it’s time to take action right away, and the first step is to change your passwords.
When you choose your new password, make sure to use a combination of uppercase and lowercase letters, symbols, numbers, and is at least 8 characters long to make sure they’re not easy to guess or crack by brute force. To check if you have a strong password, you can use this tool from LastPasscom.
If you need time to remember it, write it down and keep it somewhere safe. You might also want to consider getting a good password manager if you manage plenty of accounts.
Also, make it a habit to regularly change your password. Some recommend doing it every few months or twice a year, but you should do it immediately if there’s a data breach like what was mentioned earlier, there’s an indication of unauthorized access to your account, or if you have shared it with someone else.
Enable 2FA
2FA or 2-Factor Authentication is your second line of defense in case your password gets compromised. What this feature does is send a code to your mobile device via text, email, or activate a push notification to your smartphone to notify you if it detected access to the account.
If it’s you who’s trying to access the account, just enter the code or allow the access and you’re good. But if you received it even if you’re not logging in, then simply revoke that access (DO NOT give out your PIN or code). Take this as solid evidence that your account has been compromised so it’s time to change a password again.
For a guide on how to enable 2FA to popular services like GMail, Facebook, Twitter, Steam, and other platforms, you can read our article here.
To find out if a website or service has a 2FA feature, you can visit twofactorauth.org.
Keep yourself informed
There are plenty of ways on how to secure your account but they’re useless if you don’t study and apply them. Take time to learn about the online services that you use and study their security policies and features and take advantage of them. The more you know, the more you will be able to secure your accounts.
YugaTech.com is the largest and longest-running technology site in the Philippines. Originally established in October 2002, the site was transformed into a full-fledged technology platform in 2005.
How to transfer, withdraw money from PayPal to GCash
Prices of Starlink satellite in the Philippines
Install Google GBox to Huawei smartphones
Pag-IBIG MP2 online application
How to check PhilHealth contributions online
How to find your SIM card serial number
Globe, PLDT, Converge, Sky: Unli fiber internet plans compared
10 biggest games in the Google Play Store
LTO periodic medical exam for 10-year licenses
Netflix codes to unlock hidden TV shows, movies
Apple, Asus, Cherry Mobile, Huawei, LG, Nokia, Oppo, Samsung, Sony, Vivo, Xiaomi, Lenovo, Infinix Mobile, Pocophone, Honor, iPhone, OnePlus, Tecno, Realme, HTC, Gionee, Kata, IQ00, Redmi, Razer, CloudFone, Motorola, Panasonic, TCL, Wiko
Best Android smartphones between PHP 20,000 - 25,000
Smartphones under PHP 10,000 in the Philippines
Smartphones under PHP 12K Philippines
Best smartphones for kids under PHP 7,000
Smartphones under PHP 15,000 in the Philippines
Best Android smartphones between PHP 15,000 - 20,000
Smartphones under PHP 20,000 in the Philippines
Most affordable 5G phones in the Philippines under PHP 20K
5G smartphones in the Philippines under PHP 16K
Smartphone pricelist Philippines 2024
Smartphone pricelist Philippines 2023
Smartphone pricelist Philippines 2022
Smartphone pricelist Philippines 2021
Smartphone pricelist Philippines 2020
