
In response to the growing number of data breaches, Proton Mail offers a feature to paid subscribers called Dark Web Monitoring. Our system checks if your credentials or other data have been leaked to illegal marketplaces and alerts you if so. Often a quick reaction to a data breach can protect your digital identity and prevent any losses.

The impact a breach can have on your life depends greatly on the type of information that was exposed and to whom.

There are two general classes of data breaches: those where the service that leaked your information is known, and those where it is not. Massive data breaches like those that have occurred for LinkedIn, Facebook, and X.com pose a different set of problems from those where a set of email/password combinations (combo lists) is sold or given away online by hackers.

This article includes general recommendations to mitigate the damage if your data leaks in a variety of scenarios. If you use Proton Mail’s Dark Web Monitoring service, we will give you actionable advice along with any breach notification you receive.

What is a data breach?

A data breach is when confidential, sensitive, or protected information is accessed or disclosed without authorization. This can involve the unintended release of personal data, such as social security numbers, credit card details, personal health information, or other personally identifiable information (PII). Data breaches can result from cybersecurity attacks, such as hacking or phishing, as well as from internal leaks or failures to secure data adequately.

Steps to take after a data breach

If the source of a data breach is known, you should immediately go to the service and check for any signs of unauthorized activity on your accounts, such as difficulty logging in, unexpected changes to security settings, receiving unfamiliar messages or notifications from your account, logins from unusual locations or at odd times, and unauthorized money transfers or purchases from your online accounts.

Some general steps to follow to secure a breached service include:

  1. If you’re unable to log in to the account, contact the provider’s customer support to try to regain access.
  2. If you have access, ensure your security settings, such as your recovery email, have not been changed. If they have, change them back.
  3. Change your password and use a password manager such as Proton Pass.
  4. Log all devices and apps out of your account.
  5. Set up two-factor authentication (2FA).
  6. If the breached service is an email provider, it’s important to review your email filtering and forwarding rules. Criminals often establish forwarding rules on compromised email accounts to receive copies of all incoming emails, enabling them to intercept 2FA codes or reset passwords, for instance.
  7. If the service is a communication system or social network more generally, it can be a good idea to notify contacts that you have been breached and for them to watch out for suspicious messages and posts.
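
One way to carry out the rule review in step 6, as an added example that is not part of the original article: the script flags rules that forward mail outside your own domains, and notes when such a rule is a catch-all or is aimed at password-reset or 2FA messages. The rule format, the domain names and the sample rules are constructed for illustration and do not match any provider's export.

```python
import re

# Assumption: the domains you control; forwarding anywhere else needs review.
OWN_DOMAINS = {"example.com"}
# Mail that lets someone reset passwords or pass 2FA, as described in step 6.
SENSITIVE = re.compile(r"password|reset|verification|security code|2fa|one-time", re.I)

# Constructed sample rules in a hypothetical export format.
RULES = [
    {"name": "Newsletters", "match": "subject:newsletter", "actions": ["move:Reading"]},
    {"name": "fwd", "match": "*", "actions": ["forward:backup.inbox@mail-archive.test"]},
    {"name": ".", "match": "subject:verification code",
     "actions": ["forward:codes@mail-archive.test"]},
    {"name": "To work", "match": "from:boss@example.com",
     "actions": ["forward:me@example.com"]},
]

def domain_of(address):
    """Lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip().lower()

def audit_rule(rule):
    """Return the reasons this rule deserves manual review (empty list if none)."""
    findings = []
    match = rule.get("match", "").strip()
    for action in rule.get("actions", []):
        verb, _, target = action.partition(":")
        if verb not in ("forward", "redirect"):
            continue
        if domain_of(target) in OWN_DOMAINS:
            continue
        findings.append(f"forwards mail to external address {target}")
        if match in ("", "*"):
            findings.append("applies to all incoming mail")
        elif SENSITIVE.search(match):
            findings.append("targets password-reset or 2FA mail")
    return findings

def audit(rules):
    """Map rule name -> findings, for rules with at least one finding."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[rule["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(RULES).items():
        print(f"[review] rule {name!r}: " + "; ".join(findings))
```

Any rule the script reports that you did not create yourself should be deleted before you change your password, so the new credentials and reset links are not copied out again.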

Dealing with the aftermath of a data leak

Even if you manage to secure a breached account, your email address, password, credit card number, physical address, and other information could have been leaked at the same time.

While all leaked information has some level of potential damage, some information is clearly more valuable than others, in particular:

  • Email addresses: Your email address is your online identity, the passport all your accounts ask for when you log in. However, if your email address is all that’s exposed, you should be safe (hackers will still need to try to brute force your password to access your account).
    You should:
      • Remain vigilant for phishing emails, especially those that may arrive sometime after the breach becomes public knowledge. Look out for senders impersonating services that write to you regarding “resetting passwords”, “claiming compensation”, or “missed deliveries”. These and urgent requests to act immediately or within a limited timeframe are red flags.
      • Enable 2FA, which is an excellent way to protect your account from attackers because even if they obtain your password they will still be unable to enter your account without an additional piece of information on your device.
      • Use hide-my-email aliases when signing up to sites to protect your identity.
  • Passwords: Exposed passwords, login credentials, or encryption keys can enable unauthorized entry into your accounts, potentially resulting in additional security breaches and data theft. While exposed plaintext passwords are generally the more severe case, some websites may store passwords using weak hashing methods like MD5, which can also leave your passwords vulnerable to attack. Conversely, passwords leaked from websites where passwords were encrypted or hashed using stronger algorithms such as SHA256 or bcrypt will inherently offer greater resistance to attacks.
    Therefore, if plaintext or weakly hashed passwords have been exposed, you must change them immediately. We strongly recommend using a password manager, such as Proton Pass, and 2FA wherever possible.
  • Credit card numbers: If your credit card number is leaked, you should put a hold on it immediately by calling the emergency number on the back of the card. It is also worth paying attention to your bank accounts and credit card statements and reporting any fraudulent transactions as soon as possible.
    If the source of the data breach is known, they will often provide subscriptions to credit monitoring software such as Experian so that you can mitigate financial risks.
  • Phone numbers: This can lead hackers to target you with phishing text messages, trying to catch you when you’re tired or not paying attention. You can protect yourself from spam calls in the UK with the Telephone Preference Service or in the US with the National Do Not Call Registry. Other countries likely have similar services, which you can search for online. In addition, be wary of phishing attempts.
  • Social Security numbers: Social Security numbers are an important piece of information, particularly in the US, and can be used along with your name, address, and date of birth to set up credit cards or take out loans in your name. If you find out your Social Security number has been stolen, you should immediately report the theft to identitytheft.gov, place a credit freeze, and add a fraud alert.

Though not exhaustive, this list covers the most commonly breached information. With almost 4,000 data breaches of 1.8 billion records happening in February 2024 alone, criminals are able to build up information about users across breaches to construct profiles containing not only your email addresses and passwords, but also your occupation, past employment, marital status, and more, making it easier to carry out more sophisticated phishing attacks. For example, this tool allows you to visualize your breach profile.

Use better encryption to prevent data leaks

Many data breaches could be prevented if more online services used end-to-end encryption. At Proton, this form of encryption is at the heart of our security architecture. Whether it’s protecting your emails and attachments in Proton Mail or securing your files in Proton Drive, your data is encrypted on your device before uploading to our servers. That way, if hackers ever were to gain access to our systems, your information would remain encrypted because only you can unlock your data with your private key.

Learn more about Proton’s end-to-end encryption
