Why You Need to Protect Your Passwords Now

The world we live in is closely linked to the internet. We use it to connect with loved ones through messaging, social media, video calls, and gaming. It also helps us manage important parts of our lives like finances, health, and education. You could say we have two lives: our real life and our digital life.

We may have multiple online identities for various reasons that have nothing to do with ill intentions, but that is a topic for another day. A common way to access our digital accounts is with an email address and password, which should only be known to the user, right? Not really. Hackers might already have your email and password.

Your Data is Out There

Many websites sell users’ data to third-party companies, which value it for trend prediction and marketing. These companies are legally required to protect this data and face fines for noncompliance.

Threat actors understand the value of data and often extort companies for millions when they breach systems and steal information. A report from IBM highlighted that the average cost of a data breach was $4.88 million in 2024.

In 2023, the average ransomware payout was over $1.5 million, according to SC Magazine. Some companies choose not to pay the ransom for fear of becoming targets for other groups seeking more money. In such cases, the entire dataset may be leaked and sold on the dark web, or even released publicly for free.

Hackers use leaked data to make lists called wordlists, which can include passwords, password hashes, emails, and usernames. Our data might appear in these breaches because we share it with companies to use their products. Remember, these attacks happen frequently to well-known companies.

In March 2024, tens of millions of records allegedly belonging to a popular mobile phone carrier, AT&T, were posted to a hacking forum, raising serious concerns about the security measures in place for protecting sensitive information.

Australian retailer digiDirect was breached in September 2024, exposing over 300,000 data records including email addresses, physical addresses, names, phone numbers, and dates of birth. Nearly half of this data came from external marketplaces like Amazon, eBay, and Westfield.

If you want to see if your favorite or commonly used websites have been breached, you can check here.

Can you see how this makes you vulnerable? We have many internet-connected devices that let us interact with the physical world with just a touch on our smartphones. We can control lights, power outlets, A/C thermostats, and more, all through our phones.

What happens if someone has your login credentials? They could download a mobile app, use your credentials to unlock your smart door lock or view your camera live stream. At this point, you rely on the company’s security measures and hope they are robust and secure.

Mitigations

Now that you are aware of data breaches and how they could impact you, here are three recommendations to better protect yourself:

Use Complex Passwords

The first step is to use strong, complex passwords. I would recommend using passwords that are 20-25 characters long, but at the very least, they should be 12 characters long. Include a mix of lowercase and uppercase letters, numbers, and symbols. Don’t reuse passwords; create a unique one for each account. It should be easy for you to remember but hard for others to guess.

Avoid using birthdates, the last four digits of your SSN, and names of relatives. Stay away from common password patterns. Software tools can automatically apply leetspeak, a form of writing that replaces letters with numbers or special characters, as in “Cyb3r-J07”, so such substitutions count as a common pattern too.
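The checks recommended above can be automated. The following is an added example, not code from the original post: it tests a candidate password against the 12-character minimum, the four character classes, year-like numbers, and known words hidden behind leetspeak. The substitution table, the sample wordlist, and the function names are assumptions made for illustration.

```python
import re

# Assumed substitution table for undoing leetspeak (constructed, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed stand-in for a real wordlist of common or personal terms.
SAMPLE_WORDLIST = {"password", "cyber", "letmein", "qwerty", "jot"}


def normalize(password):
    """Lowercase, undo leetspeak, then drop separators and leftover digits."""
    return re.sub(r"[^a-z]", "", password.lower().translate(LEET))


def check_password(password, personal_terms=()):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if len(password) < 12:
        findings.append("shorter than 12 characters")
    # Lowercase, uppercase, number, symbol: the mix the post asks for.
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]
    if not all(re.search(c, password) for c in classes):
        findings.append("missing a character class")
    # Birth years are a typical giveaway; checked on the raw password.
    if re.search(r"(19|20)\d\d", password):
        findings.append("contains a year-like number")
    plain = normalize(password)
    words = SAMPLE_WORDLIST | {t.lower() for t in personal_terms}
    hits = sorted(w for w in words if w in plain)
    if hits:
        findings.append("contains known words after de-leeting: " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    for candidate in ("Cyb3r-J07", "Tangerine-Voltage-41-Pebble!"):
        print(candidate, "->", check_password(candidate) or "no findings")
```

Pass the names of relatives or pets as `personal_terms` so they are checked the same way as the wordlist entries.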

Password Manager

Following the earlier recommendations can make it difficult to keep track of each unique password. Consider using a password manager, which requires you to remember just one complex master password. The password manager will suggest strong passwords and will store and autofill all of the saved passwords for you when needed.

Multi-Factor Authentication (MFA)

An extra layer of security is to enable MFA whenever possible. You need to register a device, like a smartphone or key fob, to prove you own it. When you log in, it will first ask for your email and password, then send a verification code to your smartphone or ask you to push a button on your key fob to verify your identity.

Conclusion

I hope you learned something new today. Visit Have I Been Pwned to see if your email or password has been found in a data breach. It’s important to be cautious when sharing information online because personal data can be easily exploited by malicious actors. Additionally, remember to update your software and apps regularly to fix vulnerabilities. Stay vigilant, stay safe, and ensure your digital footprint is secure at all times.
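Have I Been Pwned's Pwned Passwords range API lets you check a password without ever sending it: only the first five characters of its SHA-1 hash go to the service, and the match is done locally. The following is an added example, not code from the original post; it runs offline against a constructed response body, and the function names and sample counts are assumptions.

```python
import hashlib


def split_hash(password):
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest: 5 + 35 chars."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def range_url(password):
    """URL to request; only the 5-character hash prefix leaves the machine."""
    return "https://api.pwnedpasswords.com/range/" + split_hash(password)[0]


def breach_count(password, range_response):
    """Find the local suffix in a 'SUFFIX:COUNT' response body; 0 if absent."""
    _, suffix = split_hash(password)
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


# Constructed response body in the service's SUFFIX:COUNT line format.
# The first and last suffixes and all counts are made up for this example.
SAMPLE_RESPONSE = "\r\n".join([
    "0018A45C4D1DEF81644B54AB7F969B88D65:3",
    split_hash("password")[1] + ":1000",
    "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:12",
])

if __name__ == "__main__":
    print(range_url("password"))
    print(breach_count("password", SAMPLE_RESPONSE))
```

In real use, fetch the body from `range_url(...)` over HTTPS and pass it to `breach_count`; any count above zero means the password appears in known breach data and should be replaced.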

