I am sure you have heard about the Yahoo account breach in the news. In case you aren’t aware of it, Yahoo announced in October 2017 that more than 3 billion accounts have been hacked during August 2013. Even though Yahoo stated that they have notified those whose accounts were compromised much earlier, it leaves you wondering what if another of your several online accounts were hacked? And what if the website never notified you and you are using the same password on other websites? That is why, today, we will be discussing how you can find out if any of your online account has been hacked and what needs to be done afterward.
Check If Your Account Has Been Hacked
The HaveIbeenPwned website has been developed by Troy Hunt, a Microsoft employee. He is an expert on web security, and after discovering about countless websites with data breaches which never notify its users, he decided to develop this free resource for any person to check whether an online account has been hacked or ‘pwned’.
It’s extremely simple to use – you just need to enter the email address or username you wish to check. The website also allows the option to automatically get notified about any data breaches for your account if you submit your email address.
Also Read: Cyber Security Trends for 2018
They also have an API which can be quite useful to automatically check a bunch of accounts together, and could be extremely beneficial for offices and workplaces to check if an employee’s account has been hacked.
Till date, they have discovered 258 websites with data breaches including major websites such as LinkedIn, Adobe and Badoo.
What Should You Do If Your Account Has Been Hacked
If you know your account has been hacked, you should know what you should do next. Here are a few steps to consider –
- Immediately, change your account password in the compromised website. Hopefully, you are not using the same password for other accounts, but in case you are, you need to change those passwords as well to be safe.
- Nowadays, you should use password managers to create secure random passwords automatically, which even when compromised won’t leak any information about your other passwords.
- Use two-factor authentication if possible. This means even after entering the correct password, there is another barrier, usually in the form of OTP(one time password) sent as SMS to your phone.
- Don’t reveal any important information about yourself in the security questions. If the attacker gains access to the answers, he could discover more about you by searching on Google. It is often recommended to even lie in the security questions and keep the answers hidden somewhere so that you can remember those later.
Security is extremely important and should not be taken lightly. We create accounts on tens, even hundreds of websites nowadays, which makes it essential to use password managers since remembering so many passwords is impossible and using the same password or even any combination of passwords can come back to haunt you if any one of those websites gets hacked.