How to . . .find out if your account has been leaked online

We are all at risk of falling victim to a data breach - but how can we find out if the worst has happened?

Email accounts, social media, banking, shopping: we use so many online services it is hard to keep track of where our data is held.
Email accounts, social media, banking, shopping: we use so many online services it is hard to keep track of where our data is held.

Email accounts, social media, banking, shopping: we use so many online services it is hard to keep track of where our data is held.

But all that data is swirling around out there, and it isn’t always as secure as we might have hoped. Online data breaches happen, whether it is poor security measures on behalf of the entities collecting that data, or the result of an unforeseen vulnerability.

If you are a regular user of online services, it is unlikely that you have escaped unscathed from the many data breaches that have hit in the past few years. Facebook, Dropbox, Yahoo, LinkedIn, My Fitness Pal, Zynga, eBay and Equifax are just some of the well-known companies that have reported breaches in recent years. Each involved information ranging from email addresses and passwords to dates of birth and financial details.

The danger such leaks pose varies depending on the type of data that has been stolen and whether the details are still current. Passwords can be easily changed, but it is impossible to alter your date of birth, for example.

READ MORE

But how do you find out if your details have been compromised? There are a few tools that will help you on your way.

Websites

Security researcher and Microsoft regional director Troy Hunt's HaveIBeenPwned.com has been tracking data breaches since 2013. Set up after Adobe's data breach, the site acts as a free resource for people to gauge if they have been put at risk due to a data breach. More than 11.1 billion "pwned" or compromised accounts can be searched on the site, with the latest data breach from Clearvoice already added.

The site has also compiled the recently resurfaced Facebook data breach that saw millions of phone numbers scraped from the social media network made available online, free of charge.

You can check your details on the site and sign up to get updates should your details pop up in another data breach. It’s a handy early warning system for users.

Another option is the Hasso-Plattner Institut. You enter your email address and the website will send you an email with any listed breaches your email address has appeared in.

Security company F-Secure will also scan its known data breaches for your email address and send you a list of incidents your details have been affected by, plus the date each incident was recorded. It also offer some advice on what to do next. The company has something to sell – its ID protection service – but there is no obligation to put your hand in your pocket. Similar services are also offered by Avast, with its Hack Check search, and

Google and Apple

Both Google and Apple offer a password check up within their respective operating systems for credentials that have been saved to your Google or iCloud account.

In Android, go to Settings>Google and select Manage your Google Account. Scroll to Security, and you will see an option to fix any critical security problems that Google has identified.

You can access the same page from your web browser by logging into your Google Account here.

If you are on an iPhone or iPad, go to Settings>Passwords>Security recommendations, and make sure “Detect compromised passwords” is switched on. Should any of your passwords have been exposed in a data breach, you will get a security alert, plus the recommendation to change the passwords on the respective websites.

Password Managers

If you have signed up with a password manager, you can check out the security of your passwords. Nordpass, LastPass, 1Password and Dashlane all offer the ability to check out your password health, flagging compromised log in details, reused or weak passwords that need your attention. For a fee, you can also get dark web monitoring, to give you a heads up if your details appear.

The good thing is that you can use the same services to change all your compromised log-in details and create unique, strong passwords for each account.

What next?

If your passwords have been leaked in a data breach, you need to make sure that you change your compromised log-in on that site. The same goes for any other website where you may have reused those login details.

This is why experts recommend unique passwords for each account, rather than reusing the same login over and over; if one account is compromised it puts the rest of your online services at risk. Password managers are a good tool to have, because you only need to remember one strong password to access the service, and the manager will come up with the rest.

You should also keep an eye out for any unusual activity on your other accounts, such as attempted log-ins from devices that aren’t yours. That may indicate someone has your compromised account details and is trying their luck.

Prevention is always better than cure. If available, enable two-factor authentication on your accounts, preferably using an authenticator app on your smartphone to generate one-time codes.

It’s probably also a good time to shut down accounts you no longer use, such as email and social media. At the very least, you may not realise that these zombie accounts have been compromised, giving malicious users access to your data – or your online identity.