By Martin Edwards
Imagine you have an account with an online bookshop. You use a hard-to-guess password and do a
great job of keeping it secret.
Then one day someone hacks into the bookshop’s website and downloads a million customers’
passwords, including yours. This is a data breach. They happen often, in varying scale and
severity.
Companies can be fined for not taking adequate measures to protect your data, but can never
achieve total security. In any case, there’s also the possibility of a disgruntled employee
The upshot is that nowadays much of what we consider private information may not remain private
forever. In the case of passwords, this means other people may occasionally gain access to your
email or other online accounts—even if you, personally, are as careful as you can be.
While caches of stolen passwords may be traded ‘underground’ for money, they can also end up on
the Internet. The positive side to this is that services like
Have I Been Pwned can alert us when our data appears
in a public breach, so we know it’s time to change our passwords.
In December 2019, Google added a feature to Chrome that automatically checks every username
and password you type against a database of known breaches, and warns you if they have been

What to do

If you discover that you’ve been affected by a data breach, don’t panic—it’s not your fault,
and doesn’t mean there’s anything wrong with your computer. You just need to visit the website
in question, and change your password.
You should also consider using
two-factor authentication on your accounts. It can
prevent unwanted access even if someone knows your password.