The best protection against online dangers is common sense. But even if you do everything right, you can still fall victim to one online danger or another. A data leak is one of them.
A data leak is when private data you have left with a company is made public. This can happen through criminal intent, such as a targeted attack by hackers, or it can be caused accidentally by the company. Unsecured databases are a particularly frequent point of exploitation.
Cybercriminals can then wreak great havoc with your data. They particularly target the following information:
User names and passwords
Companies do not usually store sensitive information such as passwords in plain text, so ideally a data leak exposes only hashes. But while strong hashes still offer relatively high security, weaker hashes can be cracked, and it happens time and again that passwords are exposed in plain text, for example in the 2018 attack on the chat provider Knuddels. Cybercriminals can then use the credentials from one service for credential stuffing, i.e., trying the same or similar login data to gain access to other web services.
Email addresses
If your email address falls into the wrong hands, it can be used for spam or extortion emails.
Personal data
Of course, there is a lot more personal data that cybercriminals can steal and misuse, from your address to your date of birth. With the stolen information, they can commit identity theft and, for example, conduct business on the Internet under your name.
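To make the point about strong and weak hashes under "User names and passwords" concrete, here is an added example that is not part of the original article. It assumes unsalted SHA-1 as the "weak" scheme and salted PBKDF2-HMAC-SHA256 as the "strong" one; the account names, passwords, function names and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 600_000  # assumption: work factor chosen for this example


def weak_record(password: str) -> str:
    """Unsalted fast hash: the same password always gives the same digest."""
    return hashlib.sha1(password.encode()).hexdigest()


def strong_record(password: str) -> tuple[bytes, bytes]:
    """Random per-user salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def verify_strong(password: str, record: tuple[bytes, bytes]) -> bool:
    """Login check for the strong scheme, using a constant-time comparison."""
    salt, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, expected)


def users_sharing_a_record(dump: dict) -> list[list[str]]:
    """Group users whose stored value is identical, as anyone holding the dump could."""
    groups = defaultdict(list)
    for user, record in dump.items():
        groups[record].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def found_in_precomputed_table(dump: dict, common_passwords: list[str]) -> dict:
    """Users whose unsalted digest appears in a table computed once for common passwords."""
    table = {weak_record(p): p for p in common_passwords}
    return {user: table[d] for user, d in dump.items() if d in table}


# Constructed sample accounts, not real data.
ACCOUNTS = {"alice": "summer2018", "bob": "summer2018", "carol": "V7#kq-Lw92!nTz"}
COMMON = ["123456", "password", "summer2018"]

if __name__ == "__main__":
    weak_dump = {u: weak_record(p) for u, p in ACCOUNTS.items()}
    strong_dump = {u: strong_record(p) for u, p in ACCOUNTS.items()}
    print(users_sharing_a_record(weak_dump))
    print(found_in_precomputed_table(weak_dump, COMMON))
    print(users_sharing_a_record(strong_dump))
```

With the weak scheme, one table entry exposes every account that reused a common password; with per-user salts no two records match, and each guess costs a full key derivation per account.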
Data leaks have already occurred at numerous companies, some of them very well known. Prominent examples are the data leaks at AOL in 2004 and the major Facebook hack in 2018. The social media giant lost the access tokens of around 50 million users, which gave attackers access to their Facebook profiles and private information on a large scale.
Especially when major data leaks become public, they are usually hotly debated. As soon as the data records are known and circulate in Internet forums, for example, a number of providers collect this data and integrate it into a database. You can search these databases to find out whether your email address is affected. Here is an example:
haveibeenpwned.com
On Have I Been Pwned, you can check in a few seconds whether your email accounts have been compromised. After entering your email address, you immediately find out whether, and how often, providers that store your email data have been affected by data leaks. However, the service is only available in English.
Exposed password lists are often used for credential stuffing. If you are affected by a data leak, you should therefore not only change the password at the affected provider, but also at all other services where you use the same password.