So, Your Data Was Breached. What Now?

The digital landscape has been rocked by the massive exposure of login data. Security firm Synthient aggregated nearly 2 billion unique email addresses and 1.3 billion unique passwords circulating on dark web marketplaces and infostealer malware logs.

This colossal collection of credentials, stolen over time from various sources, makes it one of the largest datasets of its kind. The primary threat from this data dump is known as credential stuffing. Attackers use automated tools to try these stolen email and password combinations across every major website—from banks to social media—exploiting the common human habit of reusing passwords. If you’ve ever recycled a password, you’re at risk.

The first critical action is to determine your exposure: go directly to haveibeenpwned.com (it’s an odd name but an extremely useful site!) and enter your email address to check if your information was compromised in this or any previous breach. If your data has been compromised, immediate action is required to secure your online identity. Here are five steps you should take if you’ve been the victim of a data breach.

• Change passwords. If you used the breached password on any other site—including your primary email or social media—change them immediately. You must create a unique, complex password for every single account.
• Adopt a password manager. While we’re at it, isn’t now the time? The only way to stop password reuse is by using a reputable password manager to generate and safely store long, unique passwords for all your accounts.
• Activate multifactor authentication. Enable MFA, also known as two-factor authentication or 2FA. Even if an attacker has your password, MFA requires a second, physical device (like your phone) to log in, effectively locking them out.
• Scan for malware. Run a full scan using updated antivirus software on all your devices.
• Monitor accounts. Scrutinize your bank statements and credit card transactions for any suspicious activity, and get copies of your credit report from the three major bureaus.

These days it might seem like having your data compromised is a matter of when, not if, but there are some simple steps you can take to substantially reduce your risk. Stay informed about protecting your private information and your money by subscribing to the Money Mill blog.