Data breaches

Imagine you have an account with an online bookshop. You use a hard-to-guess password and do a great job of keeping it secret.

Then one day someone hacks into the bookshop’s website and downloads a million customers’ passwords, including yours. This is a data breach. Breaches happen often, and they vary in scale and severity.

Companies can be fined for not taking adequate measures to protect your data, but they can never achieve total security. In any case, there’s also the possibility of a disgruntled employee leaking your data.

The upshot is that nowadays much of what we consider private information may not remain private forever. In the case of passwords, this means other people may occasionally gain access to your email or other online accounts—even if you, personally, are as careful as you can be.

Finding out

While caches of stolen passwords may be traded ‘underground’ for money, they can also end up on the Internet. The positive side to this is that services like Have I Been Pwned can alert us when our data appears in a public breach, so we know it’s time to change our passwords.

In December 2019, Google added a feature to Chrome that automatically checks every username and password you type against a database of known breaches, and warns you if they have been compromised.

What to do

If you discover that you’ve been affected by a data breach, don’t panic—it’s not your fault, and doesn’t mean there’s anything wrong with your computer. You just need to visit the website in question, and change your password.

You should also consider using two-factor authentication on your accounts. It can prevent unwanted access even if someone knows your password.