Sadly, it’s a reasonably common occurrence for websites to be hacked. One of the goals of hacking is the theft of personal data, which can be used for many different purposes. Even very large businesses like Yahoo, LinkedIn and Adobe have lost millions of user records to hackers. In multiple cases, over 100 million user records have been copied in one hack.
To minimise the risk of your accounts being compromised, aim to use these techniques where possible:
- Use strong unique passwords for each website account or service that you sign up to, or at least the ones where you store important information. If your password gets revealed and you’ve used it on more than one website, then the loss of information may increase as a hacker can login to other accounts.
- Where possible, avoid providing your real date of birth and other personal information. Instead, make one up and keep a record of it (sometimes you are asked for it to prove your identity). If you have multiple devices, you might like to store your record of such details in a cloud service such as Google Drive or Office365, or in a password manager like LastPass (it’s free).
- For your most important accounts, such as your email, shopping, social media, file storage or banking services, use 2-factor authentication where possible. 2-factor authentication means that even if your password gets stolen, something else is also required to get into your account, such as your mobile phone.
Reducing the harm, if your information is stolen:
- To be notified by email if your email address appears publicly in any hacked data, sign up to the free service haveibeenpwned.com. Look for the Notify Me link at the top of the site.
- Change your password immediately on any service that has been hacked. Start with your email account, as it may be used to reset passwords in your other accounts. If you have used the same password on any other service, change your password there too.
- If your credit card details are compromised, contact your bank immediately.
- If a social media account has been compromised, ensure it hasn’t been used to send messages to friends, such as “Help, I’m in trouble! Please send money to X bank account urgently”.