Data and identity theft are booming: Around Christmas, a so-called VIP-hack attracted a lot of attention, and at the beginning of 2019, the Collection #1 – #5 with about 2,7 billion e-mail-addresses and passwords were leaked.
Analyses have shown that both incidents didn’t leak new data but are just a collection of many smaller events of the last years. Still, the leaks impressively demonstrate the vast amount of data that is already out there. An opportune time to check if your data is involved too.
Data check: verify your e-mail-address and password
The web service https://haveibeenpwned.com/ by security researcher Troy Hunt is the perfect address to see if your e-mail-address is among the leaked records. Via “notify me” you can ask for notifications if your data appears in future leaks. There is also an opt-out-service to exclude your e-mail-address from public search.
Besides, the website offers the possibility to check passwords encrypted and anonymously: If contained in public records, they are not safe for using them in the internet any more.
Identity checker https://sec.hpi.de/ilc/ by Hasso-Plattner-Institut (HPI) sends a record to the e-mail-address in question, including the data leaks where the records where found, and which additional private information was published (e.g. name, date of birth, bank data…). The website also shows interesting statistics based on the records, e.g. the most common passwords found in all leaks.
Password hygiene and e-mail-accounts
For topical reasons: Use different passwords with sufficient length and complexity for different services and platforms. For security demands, the number of characters is more important than the complexity, so go for long words or phrases. Also, it makes sense to use different e-mail-addresses for different services like newsletters or social media.
For secure administration of all those different passwords you might want to use a password manager: KeePassX can be used for both PC and Smartphones.
Most common services offer additional security queries. Activate these options to make it substantially difficult for attackers to take over your account. Besides username and password, another external query will be performed: That might be a SMS to your smartphone, predefined TANs or similar actions that have to be performed in addition to your account data. Please test these features before use in order not to lock yourself out of your account!
Install security software and updates
Use professional antivirus software for your PC and laptops and as well on your smartphone and tablet. Mobile devices have already attracted the attention of cyber criminals, though some users still lag behind with their security measures.
Configure your security software with pre-set scans and automatic checks of all downloads and uploads. Updates of your hard- and software should immediately be installed since new program version often come with better security. Besides: Stay wary.