How to discover if your email has been hacked
Welcome to Cyber Security Today. It’s Wednesday July 31st. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
I’m away for a few days this week, so instead of news here are some tips on how to be safer online. Reputable companies invest a lot of money in protecting their web sites and customer information. But sometimes mistakes are made that result in data breaches. Among the information that gets stolen are usernames, passwords and corresponding email addresses. How can you know if you’ve been a victim? Use a data breach monitoring site. They keep an eye on criminal web sites where there are lists of stolen email addresses and credentials. Two work in a similar way: You enter your email address, and the site tells you whether it’s listed on a criminal site. Those two are “Have I Been Pwned” — which is spelled P-W-N-E-D, and Identity Leak. The easiest way to get to them is by a browser search and then bookmark the sites. Both allow you to register your email address so you’ll be sent a notice if they know your address has been compromised.
The third service is called Hack Notice. It’s also free, but you have to create a login account with your email address and a 14-character password. Then you can register a number of email addresses or user names to be monitored. It also lets you compile a list of web sites you’ve registered with — like your bank or social media — and lets you know about reports that they’ve been hacked. There’s a separate service for businesses.
These services are only useful for hacks where the attacker posts lists of stolen email addresses for sale. They won’t help if an individual hacks you and keeps it secret.
There are some browser-based tools as well. Firefox Monitor is a service that uses the Have I Been Pwned dataset to check email addresses. You can also sign up for alerts. Google Password Checkup is a free extension you can add to the Chrome Browser. Every time you log into a site, it checks with a database and gives an alert if that username and password have been seen in a database of stolen credentials. There’s a plugin for any browser called Okta Passprotect that alerts for risky passwords.
My thanks to security researcher John Opdenakker who wrote about this earlier this year.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon