
Data leaks
A data leak means that your personal information (such as the username and password of an account, pictures and videos, email correspondence, documents) has fallen into the wrong hands. With so much of our lives now digital and with so many different data-intensive internet services, the amount of data we have in cyberspace is huge and data leaks have become commonplace. This article explains the reasons for data leaks and what to do if your data is leaked or stolen.
Why is data leaked?
A data leak usually happens because the company or organisation that manages the data has failed to do something – for example, neglected to patch a security vulnerability – or because one of its employees has made a human error, allowing the database to be accessed and downloaded externally. Finding and exploiting such weaknesses may not be very easy, but cyberspace is full of hackers and criminals who specialise in such activities. Databases found in this way are copied and often sold on the dark web to other criminal groups who try to earn a profit from the data.
Sometimes, however, we leak our own data by entering it into a phishing site (read more: Phishing) or by incorrectly setting up our social media accounts or phone apps (read more: Online privacy).
How can a data leak affect you and what can you do?
In most cases, data leaks involve large databases with the data of thousands, sometimes millions of people. This may raise the question of whether individuals should worry about it at all.
The answer is ‘Yes’ – depending on the type of data, it could be used against you or to attack the people you know.
The company or institution whose systems suffered the data leak has a duty to inform its customers, and the notification will usually also state what kind of data was leaked. Depending on the nature of the data, you can decide whether you need to take action immediately.
Please note! It is also important to consider that criminals may use the leaked data to send new phishing messages and scam emails. For example, an email may state that your details have been leaked and you need to enter your username and password to update or maintain your account. Such emails are usually phishing attempts – official notifications of leaks do not ask people for further information.
Here are some examples of the types of data that may have been leaked and what to do in such a situation.
Type of leaked data and impact on people | Steps to take |
---|---|
Leaked bank card details can be used to make payments online, resulting in direct financial loss to the victim. | Notify the bank, close the card that has been leaked, and order a new one. In addition, it is a good idea to review the payments made on your account as well as to dispute suspicious payments and follow the bank’s instructions. |
Leaked account details (username + password) can be used to take over the account, and depending on the type of the account, there may be different ways for a criminal to exploit it. The leaked account details may be used in other systems, so there is a risk of multiple accounts being hijacked if the password is reused. | Check your accounts and make sure nothing unusual has happened. You should suspect hacking when you can no longer log in and/or you notice that strange messages/advertisements have been posted or strange emails sent from your account. If you know or suspect that any of your account details have been leaked – for example, your social media or email username and password – change your password immediately in the affected environment. If you use the same password on another platform, change the password there, too. It is quite common for criminals to try to log in with the same details on several different platforms. Use two-factor authentication in all environments where available. In this case, the villains need more than a password to take over your account. If the criminals got ahead of you and your account has already been hacked, read the article on hacked social media accounts. |
In the case of leaks of sensitive data, such as health-related information, criminals may try to use that to extort money from you. | There is nothing you can do to prevent it, but if you receive an extortion email, keep calm, do not respond to the perpetrators, and report it to the police via the website of the Police and Border Guard Board. |
If other types of personal information (such as your name, email address, phone number) have been leaked, the most likely result is an increased risk of phishing and spam emails. Criminals can also use the leaked data to concoct more plausible phishing messages; for example, if your account details have been stolen from an online pet shop, you may start to receive offers pertaining to pets that actually lead to a phishing site. | Be aware of the threat of targeted phishing and stay vigilant to recognise more advanced attempts at phishing so that you do not fall victim to an attack. Read more: Phishing. |
More on the topic:
There are a variety of tools available online to check if your email account has been affected by a major data leak. One such example is https://haveibeenpwned.com. (Please note! In the search field, you should enter your email address, not your password!)