Data breaches are becoming more common. Finding out you were part of one usually includes a long list of compromised information, such as your password, username, and email address. What does that mean for your internet safety? What should you do? Learn how you can take control after a data breach and better protect your devices, online accounts, and personal data from cyber criminals.
Understand how hackers work
Protect your passwords from cyber criminals, since that’s what they care about most.
Forget about those hackers in movies trying to crack the code on someone’s computer to get their top-secret files. The hackers responsible for data breaches usually start by targeting companies, rather than specific individuals. They want to get data from as many people as possible so they can use, resell, or leverage it to make money. It all starts with getting your password.
It's not personal. Not at first.
Hackers don’t really care whose personal information and credentials they can get, as long as they can get a lot of it. That’s why cyber criminals often target massive companies with millions of users. These hackers look for a security weakness — the digital equivalent of leaving a door unlocked or window open. They only need to find one door or window to get inside. Then they steal or copy as much personal information as possible.
Once they get your data, cyber criminals can start their real work. We don’t always know what they intend to do with the data, but usually they will try to find a way to profit from it. The effects on you might not be immediate. But they can be very serious.
All types of data can be valuable.
Some data — like banking information, bank card numbers, government-issued ID numbers, and PIN numbers — is valuable because it can be used to steal the victim’s identity or withdraw money. Email addresses and passwords are also valuable because hackers can try them on other accounts. All sorts of data can be valuable in some way because it can be sold on the dark web for a profit or kept for some future use.
Common passwords make a hacker’s work easy.
Hackers aren’t actually guessing people’s passwords. To crack into accounts, they use automated programs that enter hundreds of popular passwords in just a few seconds. That’s why it’s important to avoid using the same passwords that everyone else does.
123456 and password are the most commonly used passwords. Don’t use them.
Switching a letter for a symbol (p@ssw0rd!) is an obvious trick hackers know well.
Avoid favorite sports teams or pop culture references. Use something more obscure.
Don’t use a single word like sunshine, monkey, or football. Using a phrase or sentence as your password is stronger.
Don’t use common number patterns like 111111, abc123, or 654321.
Adding a number or piece of punctuation at the end doesn’t make your password stronger.
One exposed password can unlock many accounts.
Hackers know people reuse the same passwords. If your banking password is the same as your email password and your Amazon password, a single vulnerability in one site can put the others at risk.
It’s why you should use different passwords for every single account. The average person has 90 accounts, and that’s a lot of passwords to remember. Security experts recommend using a password manager to safely store unique passwords for every site.
Hackers don’t care how much money you have.
Think you don’t need to worry because you don’t have much money to steal? Hackers couldn’t care less. There are countless ways to leverage all types of personal data for profit.
Through identity theft, cyber criminals can open new credit cards or apply for loans in your name. By getting your financial information, they can make purchases or withdrawals. These attackers can even find ways to target your friends and family once they gain access to your email.
What to do after a data breach
Lock down your accounts to keep your information out of the wrong hands.
You get an email, either from Firefox Monitor or a company where you have an account. There’s been a security incident. Your account has been compromised.
Getting notified that you’ve been a victim of a data breach can be alarming. You have valid cause for concern, but there are a few steps you can take immediately to protect your account and limit the damage.
How to create strong passwords
Make your passwords strong, secure, and hard to guess.
Your password is your first line of defense against hackers and unauthorized access to your accounts. The strength of your passwords directly impacts your online security.
SECURITY TIP Steer clear of the 100 most-used passwords.
Every year, SplashData evaluates millions of leaked passwords and compiles the 100 most common ones. The most recent list includes password, 123456, and other passwords you shouldn’t use.
Password do’s and don’ts
Do use different passwords everywhere. Password managers and many browsers can generate secure and unique passwords.
Don’t use variations of the same password for different accounts.
Do combine two or more unrelated words. Change letters to numbers or special characters.
Don’t use the word “password,” or any variation of it. “P@ssword!” is just as easy for hackers to guess.
Do make your passwords at least 8 characters long. Aim for 12-15 characters.
Don't use short, one-word passwords, like sunshine, monkey, or football.
Do intersperse numbers, symbols, and special characters throughout.
Don’t place special characters (@, !, 0, etc.) only at the beginning or the end.
Do include unusual words only you would know. It should seem nonsensical to other people.
Don’t include personal information like your birthdate, address, or family members’ names.
Do keep your passwords protected and safe, like encrypted in a password manager.
Don’t share your passwords. Don’t put them on a piece of paper stuck to your computer.
Do spread various numbers and characters throughout your password.
Don’t use common patterns like 111111, abc123, or 654321.
Do use an extra layer of security with two-factor authentication (2FA).
Don’t think a weaker password is safer because you have 2FA.
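The password rules in the two lists above (length, common passwords, symbol swaps, numbers tacked on the end, counting patterns) can be written as a small checker. This is an added example, not part of the original article; the blocklist is a constructed sample built from the passwords this page names, and the symbol-swap mapping is an assumed, partial one.

```python
import re

# Constructed sample blocklist; a real check would load a full list of
# leaked passwords. These entries are the examples named on this page.
COMMON = {"123456", "password", "sunshine", "monkey", "football",
          "111111", "abc123", "654321"}

# Symbol-for-letter swaps of the p@ssw0rd kind (assumed, partial mapping):
# @->a, 0->o, 1->l, 3->e, 4->a, 5->s, $->s, 7->t
SWAPS = str.maketrans("@01345$7", "aoleasst")


def trim_edges(password):
    """Lowercase and drop digits and punctuation from both ends."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())


def variants(password):
    """Forms an automated guesser tries: as typed, with the ends trimmed,
    and with symbol swaps undone."""
    lower, trimmed = password.lower(), trim_edges(password)
    return {lower, trimmed, lower.translate(SWAPS), trimmed.translate(SWAPS)}


def is_run(text):
    """True for repeated or counting patterns such as 111111 or 654321."""
    steps = {ord(b) - ord(a) for a, b in zip(text, text[1:])}
    return len(text) > 2 and len(steps) == 1 and steps <= {-1, 0, 1}


def check_password(password):
    """Return the list of rules from this page that the password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if variants(password) & COMMON:
        problems.append("common password or a variation of one")
    if is_run(password):
        problems.append("repeated or counting pattern")
    trimmed = trim_edges(password)
    if trimmed.isalpha():
        if len(trimmed) == len(password):
            problems.append("letters only")
        else:
            problems.append("numbers and symbols only at the start or end")
    return problems
```
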
Steps to take to protect your identity online
Understand the most common threats and know what to look out for.
Data breaches are one of many online threats. Using secure internet connections, updating your software, avoiding scam emails, and employing better password hygiene will help you stay safer while you browse.
SECURITY TIP Turn on automatic updates.
You can set your computer, browser, apps, and phone to update automatically as soon as new updates become available. Set it and forget it!
SECURITY TIP How to create strong passwords
Include a combination of upper and lowercase letters, numbers, and characters. Combining a few unrelated words and changing the letters is a good method.
Firefox recommends 1Password, LastPass, Dashlane, and Bitwarden for security and ease of use.
Still wary of password managers? What’s most important is that you use different passwords everywhere. To remember them, write down your passwords and store them in a safe place that only you have access to.
5 myths about password managers
Learn how to avoid bad password habits that make a hacker’s work easy.
Password managers are the most recommended tool by security experts to protect your online credentials from hackers. But many people are still hesitant to use them. Here’s why password managers are safe, secure, and your best defense against password-hungry cyber criminals.
What is a password manager?
Think of it like a safe for your passwords. When you need something inside the safe, you unlock it. Password managers work the same for your online credentials.
You create a single, super-strong password, which acts like a key. Install the password manager app on your phone, computer, browser, and other devices. Your passwords are securely stored inside. Anytime you need to log in to an account, unlock your password manager and retrieve your login info.
Take further steps to protect your identity
Find out how to mitigate the risks of identity theft to prevent financial loss.
When significant data breaches happen where high-risk data is at stake, there’s often talk about credit reports. Some companies may even be required to provide credit monitoring as part of their breach notification requirements. Security experts recommend you check your credit reports for suspicious activity. To protect your identity, they also recommend you freeze your credit. Here’s what that means and why it’s important.
What’s a credit report? Do I have one?
If you’ve ever rented an apartment, opened a bank account, or applied for a credit card or a loan, you likely have a credit report.
In fact, you have three credit reports. There are three credit-reporting bureaus in the United States: Experian, TransUnion, and Equifax. Each one holds a report on you that contains personal information about your credit history. Your credit reports contain:
Personal identifying information, such as your name, past and current addresses, Social Security number, and date of birth.
Current and past credit accounts, such as credit cards, mortgages, student loans, and auto loans.
Inquiry information, which records each time you’ve applied for a new loan or credit card.
Bankruptcies and collection information.
Your credit report does not include your credit score.
Checking your own credit report will not affect your score.
You will never be penalized for checking your own report or your own credit score. Checking your report does not impact your score in any way. Experian, TransUnion, and Equifax may offer paid identity monitoring packages or charge for access to your credit score, but it’s always free to check your report once a year.
Though the information on your credit report directly impacts your score, reports don’t actually contain your score. There are many websites, services, and credit cards where you can check your score for free. So it’s usually not necessary to pay the bureaus themselves to see your score.
Next step: Block unauthorized access to your credit report with a credit freeze.
Placing a freeze on your credit report is the most effective method to stop identity thieves in their tracks. It’s completely free with all three bureaus and will not affect your credit cards, credit report, or credit score. You can continue using your cards as you were before.
Freezing your credit report means only you can apply for new cards or loans. No one else will be able to do this in your name. It’s like putting a lock on your credit report, and only you have the key. You can unlock (or unfreeze) your credit report at any time. For example, you may want to open a new credit card. You can temporarily lift the freeze to do so, then refreeze your credit report again after.
Federal legislation requires credit-reporting agencies to offer free credit freezes and unfreezes. To freeze your credit report with Experian, TransUnion, and Equifax, call them directly or do it on their websites. You may be asked to create a PIN code or they may generate one for you. Keep this code safe, because it’s the one you’ll use if you need to unlock your credit. A password manager is a great place to save your PIN codes.