“Should you find yourself in a chronically leaking boat, energy devoted to changing vessels is likely to be more productive than energy devoted to patching leaks.”
― Warren Buffett
Information Leak
An information leak is when your private information gets released without your permission. This can happen through an incident like a data breach. Your private information is highly valuable so it’s important to understand what you can do to protect it and what to do if your information is leaked online.
How this information gets released
The information can come from data breaches of businesses or organizations. Information leaked from breaches can be published online, and can contain information from one source, or from a range of sources.
When the details are published online, it’s not always immediately obvious where the information has come from. The companies involved may not be aware that the information is online.
Often it is the result of a website or service suffering a security incident in which information is stolen from its systems. This information might be sold, released publicly online, or passed to others. Large-scale information leaks are often traded by cybercriminals, mixed in with information from other leaks, and sold again.
Types of information
The types of information vary in each release, depending on which service the information was obtained from. It can be personal information like your name and address, or even medical or financial information. It can also be your username and password, often including email addresses. This is often called a credential dump.
The impact of an information leak also varies depending on what information was leaked. A credential dump can let someone else access your online account, or other accounts that use the same username and password. With this information, someone might use your email account to send spam or phishing emails, or access other services like your online banking.
How to protect your private information
It’s important to protect your privacy and have control over where your personal information goes and who has access to it. Taking a few simple steps can help you secure your information.
- Only share as much information online as you need to and make sure you have strong privacy settings on all online accounts.
- If you feel you’re being asked to provide a business or service with more private information than you feel is relevant, check what the information is being used for.
- Use strong, long and unique passwords on your accounts. That way, if your password on one account is leaked, you only need to update that one account and your other accounts are safe.
- Turn on two-factor authentication for all your online accounts to add an extra layer of security.
Find out if you’re affected
If you’re concerned that some of your personal information has been released through a data breach:
- contact the relevant business or organization to see if the breach affects any of your accounts
- change the passwords for any accounts you think may be at risk
If your information is released
If your email address has been part of a breach, change the password for that account immediately.
Some people make patterns of their passwords, to make them easier to remember. Unfortunately this also makes them easy to guess. If you have reused a password on other accounts, or have a password pattern, change the passwords for those other accounts too. If your password for Adobe is Adobe123 and that information was part of a credential dump, attackers will go and try Twitter123 and Facebook123 with your email address.
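To find the accounts that need a new password, you can audit your own stored passwords for the reuse and site-name patterns described above. The following is an added example, not part of the original advisory; the function names, the look-alike character table and the sample vault are constructed for illustration.

```python
import re
from collections import defaultdict

# Look-alike characters folded together before matching, so "Tw1tter" still
# counts as "twitter". The mapping is one-to-one, so positions stay aligned
# with the original password (assumes ASCII input).
FOLD = str.maketrans("013457@$!l", "oieastasii")

def fold(text):
    return text.lower().translate(FOLD)

def template(service, password):
    """Return the password with the service name swapped for '{site}', or None."""
    name = fold(re.sub(r"[^A-Za-z0-9]", "", service))
    if len(name) < 3:              # too short to match reliably
        return None
    at = fold(password).find(name)
    if at < 0:
        return None
    return password[:at] + "{site}" + password[at + len(name):]

def audit(vault):
    """vault maps service name -> password. Returns the groups that need changing."""
    by_password, by_template = defaultdict(list), defaultdict(list)
    for service, password in vault.items():
        by_password[password].append(service)
        shape = template(service, password)
        if shape is not None:
            by_template[shape].append(service)
    return {
        # Same password on more than one account.
        "reused": sorted(sorted(s) for s in by_password.values() if len(s) > 1),
        # Same password shape around the site name on more than one account.
        "pattern": {t: sorted(s) for t, s in by_template.items() if len(s) > 1},
        # Any password that contains the name of the site it belongs to.
        "site_named": sorted(s for group in by_template.values() for s in group),
    }

# Constructed sample vault, not real credentials.
SAMPLE = {
    "Adobe": "Adobe123", "Twitter": "Tw1tter123", "Facebook": "facebook123",
    "Bank": "correct-horse-battery", "Mail": "correct-horse-battery",
    "Shop": "MyShop!2024x", "Forum": "x9$Lq!vR2m",
}

if __name__ == "__main__":
    for kind, found in audit(SAMPLE).items():
        print(kind, found)
```

Every account listed under any of the three keys should get a new, unrelated password, ideally one generated by a password manager.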
What to do if your identity is stolen
If you’ve been a victim of identity theft, contact the police or PNGCERT.
Ways to protect your information
- Use different passwords or passphrases for each account. Use a password manager to help keep them safe.
- Enable two-factor authentication on your accounts
- Fake login pages can be very convincing. Enter the website address directly or use a bookmark in your browser, instead of following a link. This prevents fraudsters sending you to the wrong place.