A data breach can compromise your information. Here’s how to protect it

There are things you can do to protect yourself if your passwords have been stolen.

Angela Lang/CNET

Okta, a widely used authentication service around the world, is investigate a data breach Tuesday morning after hackers posted screenshots claiming to show the company’s internal systems. Any hack affecting Okta could have far-reaching implications for other businesses and organizations that rely on Okta’s authentication services to gain access to their own systems. As listed on Okta websiteJetBlue, Grubhub, T-Mobile, Peloton and Fidelity are among the companies that use Okta services.

Okta CEO Todd McKinnon has confirmed since that the screenshots shared online were related to the attempted data breach in late January, which the company said was contained. Okta said it found no evidence of malicious activity.

technical-advice-logo-badge.png

Okta is the latest company to investigate such an incident, but it’s certainly not the only one. Earlier this month, the chipmaker Nvidia said that a cyber attacker stole and leaked employee credentials and proprietary company information. Before that, 2021 saw the highest number of data breaches ever recorded with T-Mobile, FacebookLinkedIn and Robin Hoodamong other things, report violations.

Read more: The Worst Data Leaks, Breaches, Scratches, and Security Issues of the Last Decade

With cyber threat actors targeting large companies, software publishers and even apps on your phone, your personal data could be at risk. If your private information has been compromised, you often won’t know until the company you trust notifies you of a data breach. By then, your birthday, social security number, credit card number, or medical records will have already been exposed or stolen.

Any stolen information that leads data thieves to your identity can allow hackers to do everything from make purchases and open credit accounts in your name, to deposit your tax refunds and to make medical claims impersonating you. Billions of these hacked login credentials are available on the dark web, carefully packaged for pirates easy and free to download.

You can’t prevent sites from being hacked, but you can take steps to check whether your information is compromised and limit the damage caused by a breach. First, if you use a password manager that creates unique passwords, you can ensure that if a site is hacked, your stolen password will not allow hackers to access your accounts on other sites. A good password manager can also help you administer all your login information, making it easy to create and use unique passwords.

Then, once you discover that a company or service with your credentials has been hacked, it is recommended that you change that password, whether or not you are notified that your information was exposed in the breach. of data. You don’t want to wait days to act while the company scrambles to uncover the extent of the hack.

After a cyberattack, monitoring tools can alert you to stolen credentials that are on the dark web, giving you a head start in limiting the damage thieves can cause. Here’s how to use two free monitoring tools: Google Password verification and that of Mozilla Firefox Monitor — to see which of your email addresses and passwords are compromised so you can take action.


Now Playing:
Look at this:

Are your login credentials on the dark web? To find…


2:08

How to Use Google Password Verification

As part of his password manager service, Google offers the free Password Checker tool, which monitors the usernames and passwords you use to log in to sites outside of Google’s domain and alerts you if those login credentials have been exhibited. (You may remember Password verification when it was a Chrome extension, you had to add it separately to Google’s browser. This is the same tool built into Google’s password manager.)

googleissues.png

Google’s password check detects some password problems.

Screenshot by Clifford Colby/CNET

1. If you use Google’s password service to keep track of your login credentials in Chrome or Android, go to Google password manager website and press Go to Verify Passwords.

2. Faucet Check passwords and make sure it is you.

3. Enter your Google account password.

4. After a bit of thinking, Google will show all the issues it finds, including compromised, reused, and weak passwords.

5. Next to each reused or weak password is a Change Password button you can press to choose a safer one.

How to use Mozilla’s Firefox Monitor

Mozilla’s free Firefox Monitor service helps you track which of your email addresses have been part of known data breaches.

1. To get started, go to Firefox monitor page.

monitoremailbreach.png

Mozilla’s Firefox Monitor identified four flaws for this email.

Screenshot by Clifford Colby/CNET

2. Enter an email address and press Check violations. If the email was part of a known breach since 2007, Monitor will show you which hack it was part of and what else might have been exposed.

3. Under a violation, tap Learn more about this breach to see what was stolen and steps recommended by Mozilla, such as updating your password.

You can also sign up for Monitor to notify you if your email is involved in a future data breach. Monitor scans your email address for detected data breaches and alerts you if you are involved.

1. Near the bottom of the Firefox monitor pagepress the Subscribe to alerts button.

2. If necessary, create a Firefox account.

3. Faucet Login to see a summary of the violation for your email.

4. At the bottom of the page, you can add additional email addresses to monitor. Mozilla will then send you an email to each address you add with a subject line “Firefox Monitor found your information in these breaches” when it finds that email address involved in a breach, along with instructions on what to do to track the violation.

If not, how to monitor fraud

In addition to using tools from Mozilla and Google, there are a few additional steps you can take to monitor for fraud.

Visualize your digital footprint. Bitdefender provides a dashboard with its Digital Identity Protection subscription that shows where your personal information has appeared online. It also identifies data breaches where your information has been disclosed in the past, alerts you when your personal information appears in breaches in the future, and provides recommended steps to secure your data. It also tells you if your information is on the dark web and lets you know if someone appears to be impersonating you on social media.

Monitor your credit reports. To help you detect identity theft quickly, you can request a free credit report per year from each of the three major credit bureaus — Equifax, Experian and Trans Union — to check for unknown activity, such as a new account that you haven’t opened. (Note that Equifax was itself part of a massive data breach.) You should also check your credit card and bank statements for unexpected charges and payments. Unexpected charges can be a sign that someone has access to your account.

Sign up for a credit monitoring service. To more actively monitor fraud, sign up with a credit monitoring service that continuously monitors your credit report with major credit bureaus and alert when it detects unusual activity. With a monitoring service, you can set fraud alerts that notify you if someone tries to use your identity to create credit. A a credit reporting service like LifeLock can cost anywhere from $9 to $26 per month — or you can use a free service such as credit karma which will watch for credit fraud but not identity fraud, such as someone trying to use your social security number.

To learn more about how to protect your data, see our guides on how to protect your phone privacythe best VPN services of 2022 and why you should never trust a free VPN.

Margie D. Carlisle