It is common to read news about massive leaks of emails and passwords. This data is exposed as a result of security breaches, which may in turn stem from vulnerabilities or security flaws in the systems. Sometimes the leaks are the result of recent incidents; in other cases they come from problems identified long ago, but the associated data is still being shared.
These leaked lists, which combine emails and passwords, are usually shared on the dark web and, from time to time, can also appear on the surface or "traditional" web, which is the one we all know and use on a daily basis when we browse to consume or share content of all kinds.
How to know if the password was leaked
There is a site where you can check if your password was exposed in a security incident. It is called Have I Been Pwned, developed by cybersecurity specialist Troy Hunt, who became well known when he raised the alarm about one of the biggest data leaks in recent times: databases with 773 million emails and 21 million passwords were published on the web.
Back then, Hunt developed that page where, when an email is entered, it indicates whether that email address appears in any reported leak. In addition, it specifies in which incident the information was leaked and what type of data was exposed: perhaps it was just the password, or also the telephone number, address or some other confidential information.
The site Firefox Monitor also uses that same information base to inform users if their email appears in any of the massive leaks discovered and reported. The difference is that it has an interface that can be more user-friendly. Either way, the same information is obtained.
In turn, Chrome also has a security option that warns users if they are using a password that was exposed. This tool, which was initially available as a Chrome extension, has been integrated into the browser for more than a year.
If this security risk is identified, the system alerts the user and suggests changing the password. This tool is also integrated into the Google account and appears in the Password check section.
Why is it important to know if the password was leaked?
If it is known which password was leaked, then the user can become aware of the risk of being hacked on the site(s) where that password is used. And being aware is the first step in taking precautions.
Besides, cyber attackers often use that information to extort victims and take money from them.
There have been known cases of mailings in which the criminal tells the targeted user that he has private videos of them, or that they were recorded while looking at pornographic content, or any other claim that works as a hook.
It is likely that the attacker does not have this content, but since he sends an email that includes the user's password (to which he had access through some massive leak), this can make the victim doubt and fall into the trap.
In return for not spreading the content, cyber attackers often ask for cryptocurrency transfers. It is important to point out that one should not give in to this type of extortion, because doing so fuels the spread of this type of crime.
What is recommended to do in these cases is to file a complaint with the corresponding entity so that a judicial investigation can be initiated.
What to do if the password was leaked
1. The first point is to change the password in the account associated with the leak and in all the others where that same password is used.
2. Generate a strong password. To do so, you can follow the steps indicated in this note.
3. It is important to note that the same password should not be used on all accounts. To have different options in each profile, you can use a password manager. Even the Google account has a built-in password manager, which can be accessed from here.
4. Activate the second factor of authentication. With this option enabled, when users sign in to their account the system will ask not only for the password but also for a second element, which can be a token or PIN received by SMS or through an application. In the case of Gmail, you can even choose to use an alert that reaches the mobile. Another option is to use a physical key as a second authentication factor.
This note explains step by step how to activate this security measure in different accounts.