Over the past few years there have been breaches to secure databases, some of which exposed half a billion users' data. It's easy and understandable to wonder if you are among that list, but how do you tell? The answer is really quite simple.
Just type in whatever email address you're worried about. haveibeenpwned is ssl secured (that's the little green lock next to the URL), and was created by Troy Hunt. Now, chances are modest that one email will be exposed, but often the data leaked isn't enough to steal an identity. Here are steps to take if you realize your data and passwords have been breached, and how to determine the severity of the leak.
Severity : If your physical address, email and email password, social security, credit card information, or banking details are available, that's about as bad as it gets. This enables pretty much whoever can access that data to manipulate it for identity theft. So, what to do in this situation? Not a whole lot, but you can work to inhibit further breaches.
- Cancel Credit/debit cards and get new ones.
- Change passwords - Many people use the same password for multiple sites and services. This is a bad, bad idea. Changing your passwords once every two weeks and ensuring it is made up of lowercase, uppercase, numerals, and punctuation will drastically limit the ability for people to 'hack' you and your data.
- Keep your operating system and programs up to date. Wannacry hit users with outdated updates and old OS's (Windows 7 almost exclusively). The newer the tech, the more relevant their firewalls and other protections are.
- Watch your smartphone. A large majority of malware that is circulated focuses on smart phones. Ensure that you password protect your phone, and don't use open wifi networks.
- Don't save passwords in your browsers, on your phone, anywhere. That's just asking for it.
- Come up with ridiculous answers to security questions. If the security question is 'what is your mother's maiden name?' A malicious piece of software can figure that out in no time if you actually put in her maiden name. It can be anything. "Green eggs and ham" would be basically impossible to crack, for example.
To conclude, haveibeenpwned is a public service and an awesome website to determine if you have been the victim of a recent breach. Additionally, using common-sense practices to ensure the safety of your data is key to lessening the blow from those breaches. Those hacks were the result of weaknesses in those company's databases - loose passwords, email phishing, account linking, similar to how you can be exposed. Just remember, Thinking that it will never happen to you is the easiest way to end up frantically canceling your credit cards.