Despite its near inevitability, a data hack is still a shocking experience. Just as jarring, though, is the unknown—not knowing what will happen next to your personal information.
Hackers usually don’t want meaningless data. They steal information that can unlock doors to money. That’s why even if they nick only a bit of personal information in a hack of one organization, they’ll eventually get a fuller picture of an individual’s online profile through other hacks.
Aided by cheap tools and hundreds of hacking methods that constantly evolve, hackers sell their bounty in the dark corners of the web, while they continuously gather more and more information on millions of individuals. Meanwhile, those innocent victims wait for the next shoe to drop, fearful the information they entrusted to businesses will now be used for nefarious purposes, including acts that will harm their reputations or finances.
Hackers certainly have a lot of targets to hit, as we’ve been reminded once again this past month. Consider the personal information—including names, phone numbers, email addresses, and biographical information—stolen from more than 533 million Facebook users and posted on a popular hackers’ forum. Facebook said the information was taken by hackers who used automated tools to “scrape” unprotected users’ data, its way of saying there was no breach. Similarly, after personal information was taken from more than 500 million LinkedIn user profiles to be put up for sale among hackers, LinkedIn deflected blame. The company said it wasn’t breached but rather the hackers’ illicit database of personal information “is actually an aggregation of data from a number of websites and companies.”
Either way, the people who at one time felt assured providing personal information inevitably had it stolen from these and many other websites and applications. Data breaches really are an inevitability. A Dell survey in 2020 showed that 63 percent of businesses had suffered a breach within the previous year.
What’s a privacy-loving individual who nonetheless needs to conduct business on digital platforms to do? Fortunately, there are resources to soften the blow: a web resource to see if you’ve been hacked and digital tools to shore up your online security. The hackers don’t always have to win.
“Pwned” might be urban slang, but the feeling is universal. It means “to be owned,” as in, to be dominated or beaten. Because “p” sits awfully close to “o” on a keyboard, “owned” became “pwned” in online circles.
Troy Hunt, a Microsoft executive, wants people to solve the mystery of whether they’ve been owned by hackers. He established “Have I Been Pwned”—a free service that will confirm if your personal data has been involved in a breach. By punching in your email address or cellphone number, you’ll get a rundown of how your data might have been swiped.
If you’re lucky, you’ll get a clean bill of digital health. An email address that I share sparingly and provide only to trusted contacts has not been hacked, according to the site. But an email address I use for ecommerce, social media, and all online business with people and places I don’t fully trust has been involved in at least eight data breaches, including LinkedIn and the genealogy platform MyHeritage, which I don’t remember using.
If you feel skeptical about entering your email address and phone number into “Have I Been Pwned,” thinking it could, ironically, be breached there, keep in mind the resource has the blessing of other security pros.
Of course, the surest way to keep hackers at bay is to vigilantly practice good cybersecurity hygiene. It’s a silly expression, but it is very much akin to the rewarding drudgery of brushing and flossing teeth several times a day. Changing passwords frequently reduces the odds of a hack, as does refraining from using simple passwords such as “CelticsFan” or, even worse, “Password1.” Even more, not using the same password for multiple accounts is a big step forward. If you’re hacked on one site, that very same password can be used with glee by a hacker on other accounts.
It is tough to stay on top of passwords, especially if you’re like me, a subscriber to dozens of news, sports, social media, weather, and ecommerce accounts. To overcome my faulty memory, I take advantage of iCloud Keychain across my Apple devices. It keeps my usernames and passwords secure and updated across devices. When I log into an app or web account, Keychain does all the work.
An extra benefit of Apple security is how the passwords page in iOS settings recommends which passwords to change, highlighting how a password with characters similar to one of my passwords has appeared in a data breach or contains a common word that poses a risk. Apple goes to work here, as well, offering its own randomly generated set of hard-to-guess characters. Not only do my devices remember my passwords, but they also make them hard to hack.
Google offers a similar service on Android devices, letting users sync passwords across devices. And Google Chrome has a password scanner that alerts users about passwords involved in breaches.
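The checks described above (reused passwords, passwords built on a common word, and passwords that differ from one another by only a few characters) can be sketched as a small local audit. This is an added example, not Apple's or Google's code; the account names, passwords, word list, substitution table and the 0.6 similarity threshold are all constructed assumptions.

```python
from collections import defaultdict
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample data (account -> password); not real credentials.
VAULT = {
    "news": "CelticsFan",
    "shop": "CelticsFan",
    "social": "Password1",
    "weather": "CelticsFan2021!",
    "bank": "v9#Lq2!xTz0@rWm4",
}

# Tiny constructed word list; an actual audit would load a large dictionary.
COMMON_WORDS = {"password", "celtics", "qwerty", "letmein"}

# Undo simple character substitutions (0->o, 1->i, @->a, ...).
LEET = str.maketrans("013457@$!", "oieastasi")


def normalize(password):
    return password.lower().translate(LEET)


def audit(vault, similarity=0.6):
    """Return {account: sorted list of findings} for accounts with problems."""
    findings = defaultdict(set)
    by_password = defaultdict(list)
    for account, password in vault.items():
        by_password[password].append(account)
        if any(word in normalize(password) for word in COMMON_WORDS):
            findings[account].add("common-word")
    # Same password on several accounts: one breach exposes all of them.
    for accounts in by_password.values():
        if len(accounts) > 1:
            for account in accounts:
                findings[account].add("reused")
    # Near-duplicates (a reused base word plus a suffix) are flagged too.
    for a, b in combinations(vault, 2):
        if vault[a] == vault[b]:
            continue
        ratio = SequenceMatcher(None, normalize(vault[a]), normalize(vault[b])).ratio()
        if ratio >= similarity:
            findings[a].add("similar")
            findings[b].add("similar")
    return {account: sorted(tags) for account, tags in findings.items()}


if __name__ == "__main__":
    for account, tags in audit(VAULT).items():
        print(f"{account}: {', '.join(tags)}")
```

Only the randomly generated `bank` password comes back clean; `weather` is flagged even though its password is unique, because it is the reused base word with a suffix.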
Apple, by the way, has taken what many tech observers consider to be a big step forward in furthering its commitment to individual data privacy. Its latest operating system allows users to opt out of the tracking of their personal data in apps, which then typically sell the data to third parties. If this seems unrelated to hacking, it isn’t. A company that commits to data security is also doubling down on data privacy. They are very much aligned objectives for many organizations. Just as a third party can’t do much with a user’s personal data when it can’t be accessed in the first place, a hacker similarly can’t do much with personal data that’s pseudonymized or anonymized for security.
Hackers have all sorts of time and tools on their hands to attempt the theft of personal information. Of course, businesses can and should place more emphasis on the preservation of personal privacy by protecting data everywhere it goes. When sensitive data is properly and fully protected from end to end as it moves through cloud and on-premises applications and systems, the data is effectively useless if it’s ever breached.
But until every organization does that, individuals have to stay on their toes and not get “pwned.”