I received an email from my sister, which in itself is not unusual. But, this one said that if I could do her a favor, again, not that unusual. She wanted me to go and get a "Gift Card" for her and send her the information. (Red Flag #1). I responded with, call me. The email said that she was in the car and could not call. (Red Flag #2) I know for a fact that she has a cell phone and that it is hooked up to her car. (How I know this? Because I was the one who set it up for her)
So... I called her.
The first words out of her mouth were not 'Hello' or 'Hey Steve', it was I'VE BEEN HACKED!!!
Yes.. Yes, you have.
Many people use the same password or variations of the same password for banking, shopping, LinkedIn and even Facebook.
So? So what, right?
Well, when you have data breaches like:
*Equifax, 143 Million accounts compromised
*Chase, 76 Million accounts compromised
*Target, 110 Million accounts compromised
*Yahoo, 3 BILLION (That is BILLION) accounts compromised
If (Not if, but When) your data is out there in the wild, All a bad actor needs to do is purchase one of these lists and they have your email address and passwords. Then, start trying out the lists to see if they are able to get into your bank, email, company accounts, etc.
So, I pulled a dark web scan of my sister's email address. It was staggering about the number of breaches that had happened with her information. I block out her information, but it makes the point. See Below
What do you do now?
Don't panic. Damage is already done. Change what you can today. Here are some suggestions.
1. Change YOUR PASSWORDS, ALL OF THEM.
2. Never use the same password twice.
You're going to be like, Steve, I'll never remember all of the passwords that I need to use.
I have a solution for you, Get a Password Manager (LastPass, Password Keeper, etc) Get one that will sync with the cloud, so you will be able to use these passwords on your phone.
3. DO NOT store your passwords in Chrome, IE or Firefox.
4. Subscribe to a business that performs real-time scanning of the dark web for username/passwords. I work with a company that allows me to monitor, not only email addresses but also Company accounts.
5. Make sure that you have an Anti-Virus/Anti-Malware protection is installed and active on ALL of your devices. Yes, including your phone.
Data breaches happen every day to companies all over the world. Many times, companies do not even know that their systems were compromised or we (the public) find out about it 6 months after the fact.
With an ounce of prevention, you can make sure that your or your Company's information does not appear on a list like this.