More records are stored online than ever — and it's becoming increasingly common for large swaths of personal data to fall into the hands of cybercriminals.
Over 4 billion records have been stolen or accidentally leaked in the past decade, according to data collected by Privacy Rights Clearinghouse, with more than 7,000 separate breaches in that time, and the frequency of mega-breaches that compromise tens or hundreds of millions of people's data is on the rise.
Most recently, a hacker published the personal data of 533 million Facebook users online for free, Insider reported Saturday, including names, phone numbers, email addresses, account IDs, and bios.
Cybercriminals use leaked personal data as a starting point for countless other scams. Stolen records are regularly circulated online by cybercriminals and used for fraud, while hackers can try to break into companies' systems to deploy ransomware or extort them.
Here's how to determine whether your data has been exposed in a breach and how to protect yourself.
Companies are legally required to notify users when their data is breached, but those disclosures are often made through vague public statements, and individual consumers can be left in the dark. Thankfully, security researchers keep exhaustive records of past data points that you can use to check whether you were affected by a breach.
One such resource is HaveIBeenPwned.com, a database maintained by security analyst Troy Hunt. The site lets anyone enter their email address and cross-references it with more than 10 billion accounts compromised in past breaches to determine whether they've been "pwned," or compromised.
In some cases, passwords are also exposed in data breaches. Hunt's site also provides a password search that lets people know if their password has ever fallen into the hands of hackers.
If you find out your personal information was stolen in a breach, it's time to protect your identity. Doing so depends on the severity of the data stolen — if your social security number or drivers' license number were stolen, you'll need to file a report with the appropriate government agency.
But in most cases, data breaches include less sensitive information like emails and usernames. If your email address was exposed, you should change your password to that email account and set up multifactor authentication to secure your email.
If you find out your password itself was exposed, you can no longer count on that password to keep your accounts safe, and should immediately change your passwords on all affected accounts. Setting up multifactor authentication is also a best practice.
Finally, stay alert for any suspicious activity on any of your accounts. If you do detect suspicious activity, change your password and contact that account's administrator.