Is Your Data Compromised?

code on a laptop screen
17 Jan

Is Your Data Compromised?

By elizabeth@e-bee...

This isn’t the best note to start off the year- January and already we're hearding reports of a record data breach. With what is being dubbed “Collection 1 breach” it’s been reported that a set of over 2.7 billion e-mail addresses and passwords had been posted onto a hacking platform for anyone and everyone to see in what people are calling a mega breach.

As technology advances and everything becomes more digital, the world going paperless, the emergence of new privacy laws and GDPR, we know that need for security increases exponentially- there are new threats every day to our privacy and the chances of you getting invaluable information stolen because you trusted it to “the cloud”  increase with every little advancement we make in the digital world.

This is an extract from Forbes detailing the breach and the steps you should take to make sure that your information stays safe if it has been actually affected in the breach. Side note- it probably was.

 

“Should I be worried?

In a word: Yes. It’s a massive concern, not least because scale of this breach is huge: Yahoo’s breaches saw 1 billion and 3 billion users affected but the stolen data hasn’t actually resurfaced yet.

And unlike other huge hacks such as Yahoo and Equifax, this breach cannot be tied down to one site. Instead it appears to comprise multiple breaches across a number of services including 2,000 databases.

Hunt says there are many legitimate breaches in the directory listing, but he cannot yet verify this further. “This number makes it the single largest breach ever to be loaded into HIBP,” he adds in a blog.

What’s more, his own personal data is in there “and it's accurate”, he says. “Right email address and a password I used many years ago. Like many of you reading this, I've been in multiple data breaches before which have resulted in my email addresses and yes, my passwords, circulating in public.”

Finding out if you’re affected

If you are one of the 2.2 million people that already use the Have I Been Pwned site, you should have received a notification: Nearly half of the site's users – or 768,000 – are caught up in this breach.

If you aren’t already a member, you need to visit Have I Been Pwned now. Once on the site, you simply need to type in your email address and search, then scroll down to the bottom of the page. The site will let you know if your email address is affected by this breach – and while you are there, you can see if your details was stolen in any others too.

To find out if your password has been compromised, you separately need to check Pwned Passwords– a feature built into the site recently. This feature also helps you to use strong passwords: if yours is on there, it’s safe to assume others are using it and your accounts could be easily breached.

What if my details are there?

Hunt says in his blog: “Whilst I can't tell you precisely what password was against your own record in the breach, I can tell you if any password you're interested in has appeared in previous breaches Pwned Passwords has indexed. If one of yours shows up there, you really want to stop using it on any service you care about.”

If you have a bunch of passwords, checking all of them could be time-consuming. In this case, Hunt suggests 1Password's Watchtower feature which can take all your stored passwords and check them against Pwned Passwords in one go.

Most importantly, if your password is on the list, do not ignore it as it can be used in credential stuffing attacks mentioned earlier. Hunt says: “People take lists like these that contain our email addresses and passwords then they attempt to see where else they work. The success of this approach is predicated on the fact that people reuse the same credentials on multiple services.”

More generally, as the number of breaches and their sheer scale increases, it’s time to clean up your password practices. In addition to using two-factor authentication, passwords should be complex – such as a phrase from a favourite book or a line from a song. At the same time, security experts don’t rule out analogue books containing your password – as long as these are not stored on your device or with it.

If you take these measures into account you should be able to avoid using the same password across multiple sites. Ideally, start using a password manager to ensure you can remember these.”

We at SignTech paperless forms care about your security which is why our app features an extremely secure end to end encryption. Even we don’t have access to your data. We are trusted by many companies including Santander Bank, Barclays Bank, Cranfield university with good reason: we’ve never has a security breach, so you know that your data is safe in our hands. Remember to stay safe online, only sign up to reputable companies that can keep your information private, use secure passwords, or get a password manager and keep your information safe from hackers.

 

 

SignTech Forms is an innovative paperless platform that converts existing forms and documents into paperless forms that can be completed on mobile devices and electronically signed seamlessly (with full data integration). For more information visit www.signtechforms.com or email expert@signtechforms.com.