The month of October is Cyber Awareness Month, a government initiative used to remind everybody to take adequate precautions to remain secure online. The recent Optus data breach is a good case study to illustrate the importance of data security, and that when something goes wrong how widespread the effects can be.
To keep with the theme of this year’s Cyber Awareness Month “Have I been Hacked?” This article will cover signs of a hack taking place, as well as how to monitor email addresses and phone numbers being involved in data breaches using a basic tool. There are usually signs that suggest that a computer or account has been hacked, from the more certain signs such as files are encrypted and there’s a ransom note asking for payment in bitcoin to the less certain such as passwords are suddenly invalid or unusual network traffic patterns are observed.
Here are some signs that may suggest a hack has taken place
- Unusual network traffic patterns are observed
- Disabled Antivirus and task programs
- Friends receive invitations from somebody that didn’t send them
- Software is installed without permission
- Frequent, random popups
- Auto redirects to other websites
- Fake Protection/Scan Alerts
- Seeing messages that files have been encrypted
- Passwords are suddenly invalid
- Mouse movement without input
The presence of one or more of the above signs could suggest that a hack has taken place. Depending on the sign, necessary steps should be taken and depending on the severity it might be worth seeking professional cyber security advice. The prevention of such events largely revolves around the securing of data, which involves utilisation of sufficient passwords and multi-factor authentication and changing passwords if they are breached. If a user wants to monitor their data and whether it’s been part of a data breach, there are websites that are great utilities for checking this data. The main one that will be focused on is www.haveibeenpwned.com (HIBP).
The HIBP website allows a user to check whether their personal data has been compromised due to data breaches. Checking for these breaches is useful because it indicates what data was breached, and suggests that the password(s) associated with accounts related to that website or service should be changed.
The HIBP website was launched in 2013 by web security expert Troy Hunt in response to the fact that breaches could impact users who had no idea that their data was compromised and thus developed HIBP.
How to use the HIBP site
When you first go to haveibeenpwned.com you will see this page:
From there you simply type in an email address or a phone number you’d like to check for data breaches. It will then display whether or not the supplied identity has been involved in a data breach (see below)
Ideally your data input doesn’t return a positive breach such as above, however, it is likely that your data has been a part of a breach at one time or another. It is important to note that even though your data may have been part of a data breach doesn’t necessarily mean that you’re going to run into any problems, it just simply reaffirms that basic security practices such as not re-using passwords across sites or services and setting up multi-factor authentication do a lot in terms of keeping you safer on the internet. Using the tool above you should now be able to regularly monitor data breaches, and change passwords for sites and services as required.