The Latest Data Breach and Your Personal Information
In the wake of the bombshell that G+ will be no longer, I received an email on October 9th from Credit Karma regarding the status of my data as it relates to the latest data breach.
While I started using a site called LastPass about a year ago to manage all my passwords, I'll be the first to admit that I was not in a rush to go through all my existing accounts and update my passwords. Sure, I modified the passwords on the accounts I used frequently, like my email account, social media and e-commerce sites.
I had pretty much forgotten about all the old accounts that had been imported into LastPass when I first signed up, and ignored the initial reminders that I was utilizing passwords multiple sites, thinking that it was no big deal and that my data was safe.
Many of you who are reading this are probably in the same boat I was. Too busy, and too brain fried to come up with a unique password for every single site we use, so we get into the habit of reusing the same password over and over again. Even though we are advised not to do so.
Equally, concerning was the list of Data Breaches, over the past SIX YEARS, that my email alone was associated with. Some I was aware of, many of which I was not.
Due to this information, I just spent the following morning going through my Last Pass vault, and identifying each and every site that used my email address, and changed the passwords on each and every account. While I am feeling somewhat better about this situation, I am still concerned that there may be accounts out there that I do not even know about, because they haven't been used in ages.
Are there sites that still contain my email address, but utilize something other than my email for the user id? And if so, how would I even go about finding those sites?
How The Latest Data Breach May Affect You:
Simply stated, a Data Breach refers to a situation where your personal data has been exposed. It could be as simple as just your email address and password, but it can be as detailed as your financial data, like the one that happened with Experian.
Financial data, particularly those that may include your social security number put you at a high risk for identity theft. This means that a criminal has all the data needed to pose as you and open credit card accounts, apply for loans, and more. All things that can ruin your credit profile, if you are not aware of them.
I personally had my identity stolen about five years ago, but the source was from the unlikeliest of places. My husband and I had applied for a car loan at a local car
dealer. As part of the process the dealer takes a photo copy of your drivers license. About a month or so later, I started receiving credit cards in the mail. At first, I thought they were "introductory" offers, until I looked further and found they were accounts that had been opened in my name. They went on a spending spree at a local mall, and opened accounts and ran up the balance, until my less than stellar credit at the time put an end to the spree.
As soon as I realized what had happened I contacted the credit bureaus and notified them of what happened. I also talked to the fraud department at one of the last stores the individual had tried to open an account at, and was denied, only to find out that the individual had my EXACT drivers license number, name and address, and all they did was change the photo.
How to Fix It:
Depending on the information that was leaked, the first step would be to change the passwords on all the accounts that utilized any of the passwords included in the breach. If you use a service similar to Last Pass, you should be able to search your vault for all accounts that utilize your email address, and it will display the password you used with that account.
If, on the other hand, you are still utilizing the same password on all your accounts, the first step is to change these passwords IMMEDIATLY! I highly recommend using https://www.lastpass.com/ (No affiliate link), as it is completely Free to use. With this service, all you need to do is remember one main password which provides access to your vault. There is an Add-on for Firefox that allows the service to auto-fill the username and password on sites that it has a match for.
I personally like the service because it will auto generate a unique password with upper and lower case letters, numbers, and special characters of as short, or as long of a password as you would like. This eliminates the chance of ever using the same passwords on multiple sites. Just make sure you keep your main password safe, because if you forget that, you lose access to your entire vault, which could be a huge headache.
1. Request a free copy of your credit report to check and make sure there are no accounts on file that you did not personally open yourself.
2. Contact all the credit bureaus and put a fraud alert on your account. This will protect your account for one year against someone opening new accounts in your name. If you've already been a victim, an extended fraud alert can be placed on your account, and will protect you for seven years.
3. Consider placing a credit freeze on your account. This process makes it harder for identity thieves to open new accounts in your name because a creditor will need to see your credit report prior to approving you for a new account. If you want to open a new account, you will need to temporarily lift the freeze. A freeze is a good idea if you have no plans or needs to open new accounts in the near future.
Conclusion:
Learning that your data has been involved in one of the latest data breaches can be frustrating, and a bit anxiety inducing. But with some simple steps, like the ones outlined above, you can lessen your chance of becoming a victim in the future.
Recent Comments
27
Agree. I have used Last pass in many years.
Except for security reason I never have passwords for the financial website there, just keep it in the brain!
I used to keep it in the brain, but my brain no longer works like it used to, no thanks to chemo. It doesn't hurt to change those passwords from time to time as well, just to be safe. :-)
It's a personal preference. At least with LastPass, every single password is unique. That's less beneficial to a hacker. They like the one source of data that is useable on a variety of different websites. When you can quickly generate passwords like this, @nz8XV&7VhmJt2;#fxk75Q&He;, for example, no hacker is going to take the time to try and use that, and it's almost impossible to brute force it. They would much rather take advantage of those who use, Password, yes it does happen, or an easy to remember password. The brain cannot remember complexities like what I listed above, so we tend to default to easy to remember terms, which I too was guilty of, but it also opens us up to more potential issues.
Just being online opens you up to potential risks, all we can do is our best to protect ourselves with the tools we have available, or choose to cut the cord completely and not have an online presence at all. (I'm speaking from 15+ years IT Support experience)
I've fixed everything that I'm aware of at this point, and I'm as comfortable as I can be with it. Hopefully, this helps others be proactive about their data, instead of finding themselves in a reactive situation.
Always happy to help! Anything to protect others from having to deal with the negative sides of data breaches.
Very valuable information! I've put you in my "favorites" file so can read your post again later.
I spent many years in IT support, so one would think I would know better when it comes to passwords and protecting myself, but we're all human, and never think bad things will happen to us. Glad this information can be of help.
Yikes! 12 data breaches...
These companies want all the data on us that they can get their hands on and yet fail to implement the safe guards to keep that data safe.
At least you are on our side!
Thank you for this timely and important information!
Now I have to follow you! :-)
Yep, I was a bit surprised myself at how many breaches I was involved in. And that list just relates to one email address, how about accounts I no longer use? When you really stop to think about it, it's really scary how much information is really out there, even when we do our best to protect ourselves. My husband and I shred all personal data that comes into our home, and yet I was still the victim of identity theft, in the offline world.
Even if you choose to not use a site like LastPass. I've seen other commenters mention writing passwords down, it probably wouldn't hurt to use a password generator, a quick internet search brought this one up, no account needed:
https://passwordsgenerator.net/
Great information. I can really use this. I have been trying forever to recover an old facebook account and since FB essentially has no customer service, have not been able to. Thanks again.
Great information! I actually bought a cheap address book and keep my usernames and passwords listed in there alphabetically according to the name of the site. This has been a huge help!
That's a great idea as well. Just make sure that when you are creating your passwords, even if you're not tracking them online, avoid using common words or phrases that are easy to guess. A blend of letters and numbers is best. And the longer the better, it makes it harder for scammers to "break". I just did a quick search, and this looks like a good tool to create passwords, no account required:
https://passwordsgenerator.net/
Thank you for the reminder. It is a real pain using different passwords all the time. I have used another program similar to Last Pass, but now you have brought it up I’m going to change.
I have honestly lost track of how many different sites I have accounts with. It was a pain trying to remember them all, then add on the chemo brain, and my memory really sucks. That's part of the reason why I use LastPass, makes my life so much easier. I know there are other sites with similar functionality, but the key is to find the one that works best for you and you're most comfortable with as it makes managing passwords so much easier.
To keep your personal information on usb and write down on paper from hackers ever getting it.
That's a good idea as well. But keep in mind, a USB drive is still subject to failure, as it's just a mini hard drive. Pen and paper can work as well, provided you keep it in a safe place that is easily accessible. I have family members whose desk is a bit messy, which makes it next to impossible to find passwords that have been written down.
See more comments
Important information. Many thanks for sharing.
Always happy to help!