Data leaks and identity theft
Though the data breach issue is related to identity theft, to be precise, data leak is part of identity theft. However, these two aren’t identical. If hackers broke the forum you had an account with, this is considered a data breach, not identity theft since your account isn’t directly linked to your identity.
But if those hackers accessed your account on a dating website with your photos or copies of your passport and used your data for illegal purposes, for instance, to get an online loan or registered an account to your data – you’ve become a victim of identity theft.
To find out if your data has been leaked, use the tips for checking if your personal data have been stolen. We have a separate chapter that focuses on this issue in detail.
The methods of checking your data for security breaches
Using data breach aggregation services
There are websites that collect the information whether your data has been made public in known data breaches and allow users to check if their emails are found on these lists.
I recommend you use the largest and most popular data breach aggregation service - Have I Been Pwned. First, it has the biggest database, second, it doesn’t expose your passwords or sell your data. As you progress through this chapter, you will learn that not all services are as respectful to your data as Have I Been Pwned.
These websites work on the same principle: you enter your email or login, and the breach notification website checks if its data leak database contains it. You need to remember all your emails if the current email you are using for registrations on websites differs from the one you used a year or two ago.
If you want to see how the information about publicized data breaches looks like, enter firstname.lastname@example.org in the search bar of the service.
TipRemember and check your emails using a data leak aggregation service.
Checking known data breaches
Even the largest data leak aggregation services have a downside to them. Unfortunately, not all hacked data is made public and therefore added in hacked account databases. We know that between 2013 and 2015 Yahoo had a data breach of all accounts that belonged to its users, but most likely, when checking a Yahoo account, the service won’t find a data breach since the data wasn’t made public and didn’t get enlisted in the databases of aggregation services.
The advantage of similar lists of compromised accounts is their convenience, but a quality check requires you to go through the list of resources that have had a security breach and remember if you had an account with them. This may take a lengthy amount of time, but this is important if you want to check your data for data breaches.