2 July 2019
Have I Been Hacked? How To Check If Passwords Are On The Dark Web
What is the dark web?
The dark web is a part of the world wide web that cannot be found by search engines. It is a network of websites and untraceable online activity (often illicit) that can only be accessed using special software. Stolen information is for sale, and passwords are a hot commodity.
Have I been hacked?
Passwords are regularly leaked onto the dark web, but fear not, it is easier than ever to find out if you have been hacked. The website haveibeenpwned.com is a great source for safely checking if your email address has been compromised, and provides the ability to test your existing passwords to see if they have been jeopardised. Companies and individuals can opt to receive alerts if they are caught up in a data breach.
I’ve been breached: Now what?
Firstly, don’t panic, but you do need to take the situation seriously. You should move quickly to update the credentials and passwords for any listed sites. It is also a good time to check if you are using the same passwords on other sites and change these too. Be aware of phishing emails coming to your inbox. Hackers have your email address now and will try anything to get you to believe they have something that belongs to you – you don’t want to get caught up in a phishing or ransom scam.
Your next steps will depend on the types of sites that have been compromised. You may need to scan your computer for viruses, and although it is rarely an issue with emails found on the dark web, you should check your bank accounts and credit card statements for any unusual activity.
Prevention is better than cure…
It is important to note that it can take months or even years before a data breach is detected, so the degree of risk is often unknown. Ensuring you have strong passwords that are unique for every different site you visit, paired with multi-factor authentication where possible, is the best defence.
Here are some of the easiest ways to keep your personal details safe:
- Never reuse the same password. Don’t make it easy for hackers: always create a unique password. That way, if one site is compromised, you aren’t at risk of hackers gaining access to another.
- Always create complex passwords. The longer the better, and always include a combination of letters (upper and lower case), numbers, and symbols with no ties to dictionary words or any of your personal information.
- Store credentials securely in a password manager. You don’t have to remember your passwords; simply install an app such as LastPass. MyGlue is another great option for businesses that need to safely store, manage and share company passwords. These types of applications can also help you generate a complex password when you are creating a new account.
- Use multi-factor authentication (2FA). Adding an extra layer is a proven way to lessen the likelihood of a password being compromised. 2FA requires a second verification method, such as a code that is sent to your mobile device or accessed via an application.
- Do not share passwords via email. If you do need to share a password, use an encryption method. LastPass allows you to securely share passwords with other users.
Are your staff phishing aware?
TechPath offers a phishing awareness campaign where your team is subjected to a simulated phishing campaign. Results and training materials are provided to users on how to differentiate between a legitimate email, and one that is trying to obtain their login credentials. Contact us to find out more.
Looking to make your organisation more secure with 2FA? Contact the TechPath experts.