Reply To: ActNow! 16 Billion Google, Apple, Facebook And Other Passwords Leaked

[thumbtak]

Protecting Yourself from Password Leaks

1. Check if your information has been compromised:

• Have I Been Pwned? This website (haveibeenpwned.com) is a reliable resource. You can enter your email address to see if it has appeared in any known data breaches. It’s a good first step to assess your risk.
• Password Manager Alerts: Many password managers (like LastPass, 1Password, Bitwarden) have built-in features that notify you if any of your stored passwords have been found in data breaches.
• Browser-based checks: Some browsers, like Google Chrome and Firefox, can also check your saved passwords against known breaches.

2. Immediate Action if Compromised:

• Change Passwords IMMEDIATELY:
  • Change the password for any account that was explicitly mentioned in the breach or any account that used the same (or very similar) password as one found in a leak.
  • Do not reuse passwords! This is the most crucial rule. If you use the same password for multiple accounts and one gets leaked, all those accounts are at risk.
  • Create strong, unique passwords for every single online account. Aim for at least 12-16 characters, using a mix of uppercase and lowercase letters, numbers, and symbols.
• Enable Two-Factor Authentication (2FA) / Multi-Factor Authentication (MFA): This adds an extra layer of security. Even if someone has your password, they won’t be able to log in without the second factor (e.g., a code sent to your phone, a fingerprint scan, or an authenticator app). Enable this on all your accounts, especially email, banking, and social media. Avoid SMS-based 2FA if possible, as it can be vulnerable to SIM swapping attacks. App-based authenticators or hardware keys are generally more secure.
• Monitor Financial Accounts and Credit Reports:
  • Keep a close eye on your bank statements and credit card activity for any suspicious transactions.
  • Get free credit reports from the three major credit bureaus (Experian, Equifax, TransUnion) at AnnualCreditReport.com. Check them regularly for any accounts opened in your name that you don’t recognize.
  • Consider placing a fraud alert or a credit freeze on your credit reports. A credit freeze is the strongest measure, as it prevents new credit from being opened in your name without your authorization.

3. Ongoing Protection:

• Use a Password Manager: This is highly recommended. Password managers securely store all your unique, strong passwords, generate new ones, and can often alert you to breaches.
• Be Wary of Phishing and Scams: After a data breach, attackers often use the leaked information to create more convincing phishing emails or social engineering attempts. Be extremely cautious about clicking on links or providing personal information in emails or messages, even if they seem to be from a legitimate company. Always go directly to the official website if you need to log in or verify information.
• Update Software Regularly: Keep your operating system, web browsers, antivirus software, and all other applications updated. Software updates often include security patches that fix vulnerabilities.
• Review Privacy Settings: Periodically review the privacy settings on your social media and other online accounts to limit what information is publicly visible.