(0:00 - 2:33)
Imagine this, you wake up, check your phone, and find out your email, password, or even your social media number is being sold on the dark web. Chills, right? Data breaches are a digital nightmare and they happen all of the time. In 2024, over 1.7 billion personal records were exposed globally.
That's billion with a B. And you might be wondering, am I one of those emails? Well, don't panic. There's a free tool that I'll show you later called Have I Been Pwned that will help protect your data online. Today, we're diving into how data breaches happen, why they're a big deal, and how this website keeps you one step ahead of hackers.
Let's jump in. Privacy Academy with Eric Meador. So what's a data breach? A data breach is when hackers or sometimes sloppy companies let important information like emails, passwords, or credit card numbers fall into the wrong hands.
This could be things like your bank account login or that cringy username that you made for a forum in 2007. And it's not just small businesses getting hit. Big names are dropping the ball too.
Let's take a look at the Equifax breach in 2017. Hackers exploited an unpatched software vulnerability and stole data from 147 million people, including social security numbers and birthdates. Or the Yahoo breach in 2013, which exposed 3 billion accounts.
Pretty much every user they had. In 2024, Ticketmaster got nailed with 560 million users' data like names and payment details leaked to the dark web. So how do breaches happen? Hackers have a playbook.
Phishing attacks trick employees with fake emails like, your account's locked, click here. Unpatched software leaves systems open to attack. Stolen credentials, often from weak or reused passwords, are a huge issue.
And insider threats happen when employees leak data accidentally or on purpose. Once hackers grab your data, they sell it on the and they sell these things for pennies on the dollar. Once your data's out there, it's gone forever.
That's why Have I Been Pwned is such a great website. But before I get into that, I want to get personal for a second. A data breach isn't just a news headline.
It can mess up your life. Here's how. First off, there's identity theft.
If hackers get your social security number or credit card info, they can open accounts, rack up debt, or file fake tax returns. Then there's credential stuffing. Hackers take your leaked email and password from, say, a random app you used in 2019 and try it on your email, bank account, or PayPal.
Why? Because tons of people reuse passwords across sites. And don't sleep on phishing scams. Hackers use your leaked email or phone number to send fake texts or emails like, your Amazon account's locked, click here.
(2:33 - 2:59)
That looks scarily real. If you click on that link, you're toast. I've seen this happen to many people.
Most people don't realize that they've been breached until it's too late. That's where Have I Been Pwned comes in handy. Let's break it down.
Say hello to Have I Been Pwned, the internet's early warning system for data breaches. All you have to do is go to haveibeenpwned.com, type in your email or phone number, and it checks if your info's been in a known data breach. Its database has over 12 billion compromised accounts from thousands of leaks.
(3:00 - 3:27)
Think Adobe, LinkedIn, or streaming websites. Have I Been Pwned also checks passwords. They've got over 800 million compromised passwords in their Pwned Passwords database.
You enter your password securely, it's hashed, and you find out if it's been leaked. If your password is 123456, it's been pwned millions of times. I even checked my old email, and boom, pwned.
But don't worry, if your account is pwned, that doesn't mean it's game over. It just means that there's some important next steps that you should take. And Have I Been Pwned doesn't leave you hanging.
(3:27 - 4:24)
It tells you which breach your data's from, what got leaked, like your passwords or addresses, and suggests steps like changing passwords or enabling 2FA. You can also sign up for notifications to get alerts if your email pops up in a new breach. It's like a cyber security guard dog.
So let's say you checked out Have I Been Pwned, and maybe you did get pwned. Well, here's my top 5 tips to lock down your digital life. 1. Use strong and unique passwords.
Forget password 123, and get a password manager. We talk about this in detail at Privacy Academy. Password managers generate and store complex passwords for you.
I've used one for years, and it's a total game changer. A special side note, if you have been pwned, and you reuse your password, this is a very essential step that you should take right away. 2. Enable two-factor authentication or 2FA everywhere.
It adds an extra step, like a code sent to your phone, that stops hackers, even if they have your password. Your email, PayPal, your bank, all of these companies should support 2FA. 3. Check back in Have I Been Pwned regularly.
(4:24 - 4:33)
Breaches happen all the time, so check your emails, and if you want, sign up for notifications too. 4. Dodge phishing scams. If you get an email or text saying your account's locked, click here.
(4:33 - 5:24)
Don't click it. Check the sender's address, and if it's sketchy, it's a trap. 5. Freeze your credit if you're worried.
And here's a side pro tip. If you're still rocking the high school password, it's time for an upgrade. Your 2010 email password isn't holding up.
Now, as you can see, you're on haveibeenpwned.com, so let's go ahead and enter one of my old email addresses. This is one that is retired, but germankiwiatlive.com. I use this because my mom's German, my dad's New Zealand, German Kiwi. Pretty clever for a sixth grader, I think.
Oh no, seven data breaches. Yep, that's what you'd expect from a seventh grader's email. Oh no, Hot Topic.
Okay, this is embarrassing. Hot Topic, and you can see my date of birth, my gender, my email address. Partial credit card data.
That'd probably be the last four. Gravatar, I don't know what that is. StockX.
(5:26 - 6:26)
Collection1. BlankMediaGames. Yep, so as you can see, it just goes through the list of everything where there's been data breaches.
Some of them are less severe, like this is email address, password, username. Still dangerous, especially if you reuse your password, but you can see here, like partial credit card data, that's concerning. So it is a great tool, and once you fill it out, it's a great way to figure out, okay, what are the next steps that you should take? So with all that said, Have I Been Pwned is a great resource.
Online privacy and security is not just about protecting your liberty, it's also about protecting your livelihood from bad actors and scammers. Hackers, scammers, and thieves are the immediate threat. I've seen countless people lose their livelihood due to bad actors online.
The problem is most people don't realize until it's too late. Prevention, unfortunately, never feels as urgent as finding a cure after something happens, but I really recommend that you take the steps to get private and secure online. So check out haveibeenpwned.com, and also check out privacyacademy.com if you want to take the next steps at becoming private and secure online.
Thank you!