Have You Been Pwned?
While the internet has been revolutionary for connecting people and information, it doesn’t come without its drawbacks. One of these is how much easier it is for criminals to get hold of your account logins or other personally identifiable information to use for identity theft, credit card fraud, and other schemes.
There is an entire marketplace on the Dark Web that traffics in stolen information that’s been gathered from data breaches and phishing attacks. Stolen login credentials are a hot commodity, which is why pwning is so common.
Here are some of the average going rates on the Dark Web for stolen login credentials:
- Online banking: $259.56
- PayPal account: $42.38
- Amazon account: $30.36
- Best Buy account: $26.54
- Expedia account: $10.00
- Google Voice account: $4.00
- Skype account: $1.25
What Does Pwned Mean?
The term “Pwn” (pronounced “pone”) began in the gaming world where it means a way to dominate or “own” someone. It then transitioned into the cybersecurity world and the meaning evolved to describe gaining illegal access to personal data or information and taking advantage of someone using that data.
So, when you hear someone say, “I’ve been pwned!” it refers to having their personal data stolen. The most common data to have stolen online is your username (usually an email address) and password to an online account.
Many people have been pwned and don’t even know it. This happens through data breaches of sites where someone has an account. That site has a data breach, and sometimes millions of usernames and passwords are stolen.
Hackers can then use this information as a commodity on the Dark Web. Those that purchase user logins try them anywhere that they can to access stored credit cards in retail sites, email through Gmail or another service, and more.
65% of people reuse their passwords across multiple accounts.
A few examples of recent data breaches that may have impacted your login credentials include:
- January 11, 2021: A Facebook, Instagram & LinkedIn breach impacted at least 214 million users.
- January 20, 2021: A breach of online photo editing site Pixlr exposed 1.9 million user records.
- February 18, 2021: The California DMV had a breach of its database that exposed personal information over the prior 20 months of vehicle registrations.
- March 23, 2021: Hobby Lobby was the victim of a data breach that exposed 300,000 customer records.
How Do I Know If I’ve Been Pwned?
It’s important to stay vigilant about your data, including your login credentials. This means proactively searching for potential breaches. This can be done in a few different ways.
Check Your Email on HaveIBeenPwned.com
There is a free website called HaveIBeenPwned.com. You input your email or phone number and it searches known Dark Web marketplaces and recent data breaches for your information.
If your data is found, it returns a result and gives you information on the breaches that resulted in your information being exposed.
Password Security Check in a Browser
Because of the prevalence of data breaches and other IT security threats, many browsers have been adding features that allow you to check your passwords for exposure.
- Chrome: Go to your Settings and look for Passwords in the Autofill section. It will display any passwords you have stored that have been compromised.
- Edge & Firefox: Both have Password Monitor features in the Settings > Passwords area.
Use an Identity Theft Monitoring Service
When you sign up for an identity theft monitoring service, it will keep you apprised of compromises that impact your personal information. These services will typically have alert systems that notify you immediately if any of your data is found on a Dark Web marketplace and similar sites that traffic in breached information.
What Should I Do If I’ve Been Pwned?
Change Your Passwords
The first thing you want to do once it’s identified that one of your passwords has been breached is to change that password on all accounts that use it.
You should set up unique passwords for each account, so if one is breached, it’s not going to impact several accounts. One of the easiest ways to ensure strong and unique passwords are used for every account is to use a password manager.
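To find every account that shares a breached password, you can audit a password export from your browser or password manager. The script below is an added example, not part of the original article. It assumes a CSV export with the columns name, url, username and password, and the sample data in it is constructed.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export. The column names are an assumption about the
# export format; adjust them to match your browser or password manager.
SAMPLE_EXPORT = """name,url,username,password
Amazon,https://www.amazon.com,pat@example.com,Summer2021!
PayPal,https://www.paypal.com,pat@example.com,Summer2021!
Expedia,https://www.expedia.com,pat@example.com,x9#Lq2vT8m
Skype,https://www.skype.com,pat.live,Summer2021!
Best Buy,https://www.bestbuy.com,pat@example.com,correct-horse-7
"""


def fingerprint(password):
    """Hash the password so the audit never keeps or prints the plaintext."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def load_accounts(csv_text):
    """Return (site, username, password fingerprint) for each exported login."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [(row["name"], row["username"], fingerprint(row["password"]))
            for row in reader if row.get("password")]


def reuse_groups(accounts):
    """Group accounts that share one password; largest group first."""
    groups = defaultdict(list)
    for site, user, fp in accounts:
        groups[fp].append(f"{site} ({user})")
    shared = [sorted(members) for members in groups.values() if len(members) > 1]
    return sorted(shared, key=len, reverse=True)


def accounts_to_change(accounts, breached_site):
    """List every account using a password stored for the breached site."""
    breached = {fp for site, _, fp in accounts
                if site.lower() == breached_site.lower()}
    return sorted(f"{site} ({user})" for site, user, fp in accounts
                  if fp in breached)


if __name__ == "__main__":
    accounts = load_accounts(SAMPLE_EXPORT)
    print("Change the password on:", accounts_to_change(accounts, "Amazon"))
    print("Reused passwords:", reuse_groups(accounts))
```

Delete the exported CSV once the audit is done, since it holds every password in plaintext.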
Implement Multi-Factor Authentication (MFA) on All Accounts
The extra few seconds you take to receive and enter an MFA code to complete your login is worth it when it comes to protecting your accounts from a breach. According to Microsoft, implementing MFA can block 99.9% of all fraudulent sign-in attempts.
This keeps your accounts safe even if a hacker has stolen or purchased your account credentials.
Monitor Your Bank Accounts & Email
After you’ve been pwned you want to keep a close eye on your bank accounts for any fraudulent transactions. If a hacker breaches a password on an account like Amazon that has a saved payment card, they could be using it.
You also want to keep an eye on your email to ensure a hacker hasn’t gained access and is using your account to send phishing messages or forwarding your email to themselves. Check for sent messages and forwarding rules.
Get Expert Help Securing Your Information & Keeping Accounts Impenetrable
GEEK911 can help your Silicon Valley business instill good account security like multi-factor authentication to ensure a pwning doesn’t negatively impact your bottom line.