It is not uncommon for data breaches to occur in digital and online services, and there is much debate surrounding the methods of protecting personal data against breaches. However, what should you do if you are on a list of people whose information has been exposed to the public?
Data leaks happen from time to time on some services, and there is a lot of discussion about the methods to protect personal data. However, if the attack is targeted, prevention is in the hands of the user.
Experts have prepared a short guide on what to do first if your personal data ends up online as a result of a massive platform leak:
- Change your password as soon as possible. In the event of a data breach it is essential to change your password immediately and consider all other sites where the same password is used. For added security it is recommended to use a trusted password manager.
- Keep an eye out for possible scams or phishing. Services that become aware of a major data leak will usually notify their users by email. However, beware of phishing attempts: malicious actors may send an email with a link that asks users to change their password. By clicking on this link, the user is directed to a malicious page where they enter their current username and password, thereby exposing their account details. To protect yourself, it is best to go directly to the service’s website and update the password yourself.
- Choose your suppliers responsibly. If you’re considering using an online service, such as a VPN, it’s important to take the time to read up on the provider. Research the company’s knowledge and experience in development and, if possible, look for reviews of their services offered by reputable independent organizations such as AV-Test, which provide a complete and exhaustive analysis. Selecting a trustworthy company over a dubious one-day service will ensure that your data is safe and secure from potential breaches.
- Don’t forget two-step authentication. To protect your account against unauthorized access, it is recommended to set up two-factor authentication. This can be achieved by receiving confirmation by SMS, by email or by using an authenticator app that generates one-time codes. Once activated, make sure to save the recovery codes provided. Avoid taking screenshots of these codes on your phone, as there is a risk that attackers could access this information.
- Only share the bare minimum of your personal information online, as mass breaches of services are not uncommon. It is important to understand that minimizing the information provided to a service can reduce the damage from a leak. You do not need to use your primary email address when signing up; you can always use an alternate account. Also, if the service does not require it, avoid indicating your real name and residence address. Although these measures will not stop a targeted attack, they can help mitigate the risks of a large-scale leak.
In case of targeted attacks:
Contact technical support immediately. If your account has been stolen, it’s important that you contact support immediately and save any screenshots that can confirm the intrusion. You may also need to provide passport details (for example, Instagram requires this). If you’ve contacted support but haven’t received a response, check your email account to see if any mail rules have been set up. In some cases, hackers first gain access to the email account and set rules that remove any email from technical support, making it impossible to restore access to the account (an Instagram account, for example).
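One way to carry out the mail-rule check described above, as an added example that is not part of the original article. It assumes the mailbox is Gmail and that its filters were exported to XML from the settings page; the sample export, the addresses and the watch terms are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"atom": "http://www.w3.org/2005/Atom",
      "apps": "http://schemas.google.com/apps/2006"}
# Filter actions that hide mail from the account owner.
HIDING = {"shouldTrash", "shouldArchive", "shouldMarkAsRead"}
MATCH_FIELDS = ("from", "subject", "hasTheWord")

# Constructed sample export; every address and domain is a placeholder.
SAMPLE = """<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry><title>Mail Filter</title>
    <apps:property name='from' value='support@service.example'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
  <entry><title>Mail Filter</title>
    <apps:property name='from' value='newsletter@shop.example'/>
    <apps:property name='label' value='Shopping'/>
  </entry>
  <entry><title>Mail Filter</title>
    <apps:property name='hasTheWord' value='password reset'/>
    <apps:property name='forwardTo' value='drop@other.example'/>
    <apps:property name='shouldArchive' value='true'/>
  </entry>
</feed>"""

def audit_filters(xml_text, watch_terms):
    """Return (criteria, reasons) for each filter that needs a manual look."""
    findings = []
    for entry in ET.fromstring(xml_text).findall("atom:entry", NS):
        props = {p.get("name"): p.get("value", "")
                 for p in entry.findall("apps:property", NS)}
        reasons = sorted(a for a in HIDING if props.get(a) == "true")
        if props.get("forwardTo"):
            reasons.append("forwardTo:" + props["forwardTo"])
        criteria = " ".join(props.get(f, "") for f in MATCH_FIELDS).lower()
        targets_watch = any(t.lower() in criteria for t in watch_terms)
        # Flag any forwarding, and any hiding action aimed at support mail.
        if props.get("forwardTo") or (reasons and targets_watch):
            findings.append((criteria.strip(), reasons))
    return findings

if __name__ == "__main__":
    watch = ["support@", "password", "security"]  # constructed watch terms
    for criteria, reasons in audit_filters(SAMPLE, watch):
        print(f"REVIEW  match={criteria!r}  actions={reasons}")
```

Any filter it reports that you did not create yourself should be deleted before you wait for the next reply from support.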
VPN at all times
To mitigate the potential risks of data leaks in the future, it is essential to use a VPN at all times. Doing so will hide your digital footprint by providing an IP address from another country. Also, encrypting the data before transmitting it will prevent a Man-in-the-Middle attack. In general, it is always preferable to communicate via an encrypted channel rather than using plain text. Examples of this can be found in privacy policies, which often list technical data such as IP address, login details, browser, time zone setting and location, and the operating system used to access the service.