Data breaches have become more common than ever. The Identity Theft Resource Center found that there were only 238 fewer data breaches in the first nine months of 2021 than in all of 2017.
Many cyberattacks are orchestrated against SMEs. However, individual consumers are becoming targets as well. This has created major concerns for citizens all over the world.
If you have found that some of your data has been compromised, then you need to take proper measures right away. The right steps are going to depend on the type of data that was exposed.
What to Do When Your Data is Exposed
The Internet has become a kind of catch-all drawer where you can store your entire life, from your bank details and the messages you exchange with friends and family to your photographs. Cybercriminals can use all this information to make money or to develop more targeted attacks. That is why it is important to keep this information as secure as possible or, at least, to try to do so, because no matter how many safeguards a user puts in place, leaks still occur.
The first thing a user who learns they have been caught up in a leak has to do “is to remain calm”, as the National Institute of Cybersecurity (Incibe) explains. Only old data may have been exposed, such as the address of a former home or a password that has already been replaced.
“When a leak is made public, it is common that the type of data that has been leaked is also public, either because the attackers have made it known or because the attacked company itself has made an official statement,” Incibe points out. Even so, we must be aware that when a company that provides us with a service, whether a social network or a bank, suffers a leak, any data we have shared with it can be exposed. Once we know exactly what is available to third parties, how we act will depend on the type of data that has been exposed.
For passwords
Passwords are the keys that give access to any online platform we use. If they have been leaked, whoever has the data will be able to log in to the victim’s account and impersonate them. With that access, they can also carry out targeted attacks against the victim’s contacts to steal more information.
If a password has been leaked, the first thing the Internet user should do is change it quickly and set a strong password. It is also advisable to activate two-step verification if the platform in question allows it. With it enabled, the user has an extra credential that is required to log in to the account; a cybercriminal who does not have it in their possession will not be able to get in.
“That’s the most important thing. Two-factor authentication is something you have on your mobile. When it is active, the cybercriminal needs two things to access your account, and that makes it much more complicated,” Josep Albors, head of research and awareness at cybersecurity company ESET, explains in conversation with ABC.
Password vaults often include a password generator that creates unique and hard-to-hack passwords.
Phones and emails
If an email address or phone number has been leaked, the attacker can use that data to launch targeted attacks against the victim of the leak. In the case of a phone number, these attacks can arrive via SMS, call or WhatsApp. In fact, Incibe warned just a week ago about a new campaign aimed at stealing passwords for the messaging app owned by Facebook.
If the email address is leaked, the cybercriminal can start bombarding the victim with phishing attacks until, without realizing it, they end up taking the bait and revealing their data.
To reduce the impact of a leak of this type, Incibe recommends using alternative e-mail addresses and temporary telephone numbers, whenever possible, to register on the online platforms we use: “This way, we will avoid unwanted advertising and the risks of this type of leak.”
Names, addresses or DNI
As in the previous cases, this information can be used to impersonate the victim and carry out all kinds of illicit activities. “For example, they could register services in our name, such as rentals, insurance or services such as water or electricity, especially if account numbers or images of our DNI have been leaked,” Incibe points out.
If this information has been leaked, we can try to minimize the impact with practices such as egosurfing, that is, searching for our own name on the Internet from time to time to look for fake profiles or suspicious activity: “Similarly, it is advisable not to use this information unless it is essential.”
Banking data
Bank details are among the information of most interest to cybercriminal groups. That is why cyber-scam campaigns aimed specifically at stealing them are not uncommon, sometimes even impersonating banking institutions via email or SMS.
In the event that this information is leaked, the best thing the Internet user can do to minimize the risks, as pointed out by the National Institute of Cybersecurity, is to “notify our bank so that they can evaluate the risk and take the appropriate measures, such as cancelling the bank card and identifying possible suspicious activities”.
Leaked passwords can result in multi-million losses. This is why many large organizations use privileged password management solutions.