Internet privacy and security course
Aa font
AA font size
20
About translation
Previous Next

Chapter 73

Check if your data has been leaked

Data leaks and identity theft

Though the data breach issue is related to identity theft, to be precise, data leak is part of identity theft. However, these two aren’t identical. If hackers broke the forum you had an account with, this is considered a data breach, not identity theft since your account isn’t directly linked to your identity.

 But if those hackers accessed your account on a dating website with your photos or copies of your passport and used your data for illegal purposes, for instance, to get an online loan or registered an account to your data – you’ve become a victim of identity theft.

To find out if your data has been leaked, use the tips for checking if your personal data have been stolen. We have a separate chapter that focuses on this issue in detail.

The methods of checking your data for security breaches

Using data breach aggregation services

There are websites that collect the information whether your data has been made public in known data breaches and allow users to check if their emails are found on these lists.

 I recommend you use the largest and most popular data breach aggregation service - Have I Been Pwned. First, it has the biggest database, second, it doesn’t expose your passwords or sell your data. As you progress through this chapter, you will learn that not all services are as respectful to your data as Have I Been Pwned.  

have I been pwned

These websites work on the same principle: you enter your email or login, and the breach notification website checks if its data leak database contains it. You need to remember all your emails if the current email you are using for registrations on websites differs from the one you used a year or two ago.

If you want to see how the information about publicized data breaches looks like, enter test@gmail.com in the search bar of the service.

Tip

Remember and check your emails using a data leak aggregation service.

Be aware that in compliance with the privacy policy, the Have I Been Pwned service collects all the data you enter in the search form, the information about your browser and IP address. All this data is stored on Microsoft servers in the U.S. indefinitely.

Checking known data breaches

Even the largest data leak aggregation services have a downside to them. Unfortunately, not all hacked data is made public and therefore added in hacked account databases. We know that between 2013 and 2015 Yahoo had a data breach of all accounts that belonged to its users, but most likely, when checking a Yahoo account, the service won’t find a data breach since the data wasn’t made public and didn’t get enlisted in the databases of aggregation services.

The advantage of similar lists of compromised accounts is their convenience, but a quality check requires you to go through the list of resources that have had a security breach and remember if you had an account with them. This may take a lengthy amount of time, but this is important if you want to check your data for data breaches.

leaked source data base

Tip

Go through the list of major data leaks and website hacks over the recent years and remember if you had an account with these websites.

Checking your data through search

Write down all the websites you have been using over the last years, then check them using a search engine by adding the words like “hack” and “leak” to your query. This is the most boring but also the most effective way to check your data. It works both for mass checking your information and a targeted check of some website for a data breach.

yahoo leak

Tip

Enter the name of a website in your search engine and add the words like “hack” and “leak” to your query to check if your personal data has been compromised.

What to do if your personal data is leaked

 You won’t find any magic cure here, you will need to change the password to your account, switch on two-factor authentication, or better completely delete it if you are not interested in it any longer. If you had an identity theft, there are a range of protective measures that can mitigate the negative effects.

Tip