Like when I read 3 Billion National Public Data Records with SSNs, Addresses Dumped Online, am I supposed to access that data dump or something to see if I got pwned? Are there equivalents to haveibeenpwned.com for this type of stuff? Any guides on what to do when these happen? I feel like I’m doomscrolling or watching the news, and feeling depressed about the world as a result because I should be doing something but I can’t or it seems like I can’t.

Even though I know better than to put such personal info online, that doesn’t eliminate the odds of them getting into breaches like these, and having started to be careful about digital privacy has opened my eyes to the sad state of privacy.

  • NoneYa@lemm.ee
    3 months ago

    Not much you can do except:

    • change your password for that account that was breached. Also enable, and consider reconfiguring, your MFA. The breach bypassed this, but it won’t hurt to reset it.

    • but if you reused that same password for any other accounts, reset those passwords ASAP and do not reuse passwords for multiple accounts. Use a password manager like BitWarden to manage your passwords and also create sophisticated, unique passwords to help with this. The reason for this is if the breach stole your password and email/username, the hackers may try to use that information on other websites to see where else you used that same combo so they can break into those accounts with this newly acquired information. Some websites’ security is lacking, to say the least, and puts your other accounts at risk.

    • if in the US, freeze your credit. This isn’t foolproof, but it can help to make it slightly more difficult. Also consider getting something to monitor your credit and send you notifications if anything new has been set up with your credit. Most banks offer this either for free or for a monthly subscription now too. Or you can use something free like Credit Karma or the credit bureau to check. But a notification helps to stay on top if someone uses the information to get credit with your information. Not sure about those outside of the US, sorry.

    • consider filing or joining a class action lawsuit. These fucking companies that have lax security deserve to be sued to be reminded and shown as an example to others that we’re sick of having our information so easily accessed by hackers. They need to take security seriously or pay up to help ease some of the suffering and frustration we go through due to their incompetence. Suing them also forces them, in some cases, to buy subscriptions to monitor your credit which can be helpful.

  • cerement@slrpnk.net
    3 months ago

    look on the bright side, most of these are more likely leaks instead of breaches – following the discussions around CrowdStrike, it’s pretty clear that getting the box checked on the compliance form takes priority over any actual security measures

      • Rikudou_Sage@lemmings.world
        3 months ago

        Leak = some employee did a stupid and accidentally released the data publicly. Huge possibility no one ever saw it before it got taken down.

        Breach = intentional stealing of data.

  • ParticleAccelerator@lemmy.world
    3 months ago

    You don't use a central singular email address, you use dummy throwaway ones with fake names. If it gets leaked, minimal damage.