If you’ve been listening to the news recently, you may have heard about cyberattacks on big companies where hackers gain access to user’s personal data in databases. In these attacks, hackers have managed to get access to sensitive databases that store personal user details, such as their usernames, emails and passwords. With these details, people can then access your accounts and all the data on them.
What makes this topic more worrying is when your details leak onto the internet, where other people can then use them. I myself was a victim in the Patreon database leak, and received an email stating that someone had all of my bank details and would leak them online if I didn’t offer them money! Of course, the email was a scam; there was no way the hackers could have extracted bank details from Patreon. It goes to show, however, that database leaks are quite scary, and can be used to bully those who don’t know better.
How Do These Attacks Happen?
But how come these attacks are happening in the first place? Surely these companies have security set up to defend against them? Most of the time, this is the case; the company that was attacked did, in fact, have defences set up against hackers accessing their data. Despite this, the attackers still found a way in, and they usually use one of two ways.
One way hackers can gain access to data is straight through the security. This usually means the company that was attacked used security that carried a weak spot on it. All the attackers have to do is discover and use this weak spot, and they can circumvent the security.This is especially true if the data the hackers retrieved wasn’t encrypted, as it shows the company was storing highly sensitive data without it being protected; a major no-no!
Sometimes, however, a company is very secure, but an employee within the company causes the leak to happen. When an employee from a company gets fired, sometimes the employee gets very angry and decides to do some damage in revenge. If this is someone who has access to the databases, they could copy and leak the information before they leave the company. This is why businesses often remove the ability for employees to access sensitive data before letting them go.
How Do I Check If My Password Has Been Leaked?
Probably one of the scarier elements of these attacks is not knowing if your details have been leaked onto the internet. Are your login details out there for everyone to see and use? Or have you gotten lucky with the recent spate of attacks and haven’t had your login details exposed yet?
Fortunately, the spike in attacks on databases has led to people setting up their own websites to help people see if they’re vulnerable. If your login details are on the internet for people to use for malicious actions, they can also be gathered by people who want to warn others that their details have been exposed.
One of these websites to help users check the security of their login details is called Have I Been Pwned? (https://haveibeenpwned.com/), and its strange name refers to the online geek slang pwn, which means ‘to own’. This website takes the same data hackers have leaked and use it to warn and inform people if their details have been leaked.
To use it, it’s very simple; just go onto the Have I Been Pwned? website and enter your email address and username into the search. It will then go through its database to check if your details have been leaked. If they have, it will tell you, and inform you of what website leaked your information. Remember that if you do a username search, people may have signed up to websites using the same username as you do, so make sure you check if the results displayed is actually you!
So what do you do if you discover your details have been leaked?
First of all, you need to change any passwords that share the same username or email as the details that were leaked. If you logged into every website using with the password 12345, and your details were leaked, people can use your email and password to log into every service you have an account with. Changing the passwords on every account with that username and password combination will help re-secure your accounts.
Moving forwards, use a different password for every website or game you log into. If you had three accounts with the passwords apple, orange and pear respectively (which are very weak passwords, but this is just an example!), if the website with your apple password leaks its database, hackers can’t gain access to orange and pear with those details due to the inconsistent passwords.
Obviously, remembering so many different passwords can be tricky! To solve this, either use a password manager to keep track of them all, or use a ‘base’ password that you alter according to what you’re logging into. For example, if you use the base password 4ppl3P1e!, you can set your Minecraft password to 4ppl3P1e!Creepers and your Amazon password to 4ppl3P1e!Shopping. Make sure to make the passwords strong using capitals, numbers and symbols! And passwords with 20 characters or more are more difficult to brute force hack than shorter passwords.
With big companies suffering from hacking attacks against their databases, there’s not much you can personally do to prevent your details from being leaked. Thankfully, you can significantly reduce the damage done by these leaks by using a different password for every website you use, as well as checking your details using Have I Been Pwned? and changing any account passwords that have been leaked. Keep your details safe out there!
