If you have completed the previous lessons, you now know why and how to create strong passwords, and why you should never share them with anyone or use the same password for different accounts. You also know how to keep them safe from cyber thieves.
However, there are situations when protecting your password proves impossible, in which case it is vital to change it as soon as possible so as not to jeopardize your account and all the data in it.
What are those situations? For example, when your credentials are not stolen from you personally, but leaked from a service where you have an account. Sometimes developers overlook certain security aspects, or make errors when setting up the system. Attackers, for their part, never give up trying — they know they only have to be lucky once.
Alas, such thefts (aka leaks) are common, and they are often quite large. One of the biggest and most high-profile occurred in 2013, when hackers gained access to more than two billion Yahoo! mail accounts.
Leaks have also hit the databases of well-known services like LinkedIn and Dropbox — that is, a famous name is no guarantee of security. Such database records often show up for sale on the black market later, while the victim company itself may not immediately realize it has been hacked.
Likewise, the hackers do not always seek to hijack the affected accounts straight away, and sometimes that is not their goal at all. Instead, they might spend years monitoring how you use the service in search of tasty morsels that can be sold or used for blackmail or phishing purposes. Or they could use your account to distribute malware or spam — for this they don’t need to change the password, and you may not even know that you have a “squatter” in your account.
So it’s important to detect leaks as soon as possible in order to take action. How?
First off, read emails carefully. Big-name services with a reputation and more to protect try to inform affected users of incidents as early as possible. So don’t dismiss requests to change your password — it’s in your own interests to do so. And don’t forget that it is better not to follow a link in an email, but to enter the website address manually. That way you will guard against potential phishing — scammers like to send emails in the name of well-known sites with fake password change requests in an attempt to find out your current password.
However, not all services are equally responsible: some may put off notifying users, try to hide a leak, or simply not know about it themselves. An additional source of information can be messages from cybersecurity experts monitoring the appearance of account credentials on the black market. But there are many such experts, and they sometimes write in their own professional jargon. What's more, most of the information will have nothing to do with you.
To make it easier for you to learn about leaks, as well as other cybersecurity issues, we created a special notification service for Kaspersky Security Cloud. Our experts monitor all leaks and hacks, while the solution identifies the ones of relevance to you personally, and sends notifications only about them. These messages describe what happened, what the risk is, and what needs to be done in clear and simple terms. They ensure that you change the password promptly, remain permanently alert, and do not swallow the bait of scammers trying to exploit stolen information.
Where possible, it is also better to protect accounts with two-factor authentication — this will complicate matters for a scammer who somehow got hold of your username and password.
So, your accounts are now protected with strong passwords, and you know to change them in the event of a leak. Cybercriminals will not be able to get inside and learn things you’d rather keep private. Now it’s time to find out if you yourself are revealing more than you should. In the following lessons, together we’ll check whether your pages in popular social networks and other services are a target for prying eyes.
What is a data leak?