It seems like every day we read about another big company falling victim to a hacking or malware attack that results in the compromise of massive amounts of customer information. In fact, according to an Identity Theft Resource Center report, in 2014 there were 783 data breach incidents, which accounted for the compromise of 85,611,528 records. In another study from May of 2014, it is estimated that 47% of U.S. adults have had their personal information exposed by hackers. That’s quite a bit of compromised personal information!
Now, take a moment to think about all of the online accounts you use as part of managing your small business. Then think about all of your personal accounts for everything from banking to email to social media. That’s quite a bit of personal information that could potentially be compromised!
In an ideal world, companies would notify you directly if there is even a possibility that your account credentials have been compromised, so that you can take action to protect yourself. Of course, your very first step should be to change your password for the compromised account, as well as for any other accounts that use the same User Id or email address and the same or a similar password. (See this Tip post for more on creating strong passwords.)
Unfortunately, you just can’t count on being notified every time a company suffers a data breach. While some of this may be due to the breached company being less than transparent, it is more likely due to the fact that the company doesn’t know it has been breached. According to a recent report, it takes on average 170 days for a company to realize it is the victim of a cybercrime attack, and that goes up to 259 days if the attack involves an insider.
Who does know, almost immediately, if your personal information has been compromised? Thieves who want to use it to steal your money, or your identity. In the dark underworld of the Internet there are lists of compromised user credentials dumped for the unscrupulous taking, or made available for purchase.
So, now you’re probably thinking that it would be a good idea to try to check out those data dumps of stolen credentials just to make sure that yours are not in there. Have I been Pwned? is a free service that can do just that. You can also sign up for a free monitoring account that will send you an email alert if your email address shows up on one of these data dumps.
(In case you’re wondering, the name came from the hacker slang “pwn” (typically pronounced “own”), meaning to compromise and control a computer, a gamer, a user, an iPhone, etc. The derivative “pwned” means a person or device that has been so subjugated.)
Start here, enter your email address, and click the “Pwned?” button. It will also show you the last date on which your credentials were found. So if you see something recent, that is cause for concern. If you see results from 2 years ago, it is probably nothing to worry about.
For more information about Have I Been Pwned?, check out their about page, and their FAQ. The service is free, and they don’t use your email address for anything but querying their database and sending you alerts. So, take a moment today to make sure that your credentials have not been compromised.