Let’s Talk Data Breach: Real Risks and Simple Steps to Stay Safe Online

Multiple cybersecurity lapses around the globe have initiated discussions on the necessary steps required to safeguard sensitive data. However, a recent data breach raised considerable alarm after Jeremiah Fowler, a security researcher, came across a database containing over 184 million usernames and passwords, stored in plain and unencrypted text. These included login credentials for Google, Apple, Microsoft, Facebook, Instagram, banks, health platforms, and even government portals.

No one wishes for their information to be displayed on a notice board for the entire world to see and access, so the question arises: What can you do if your information is compromised? 

In this article, we break down how these breaches happen, the warning signs that your data might be at risk, and most importantly, what you can do to protect yourself.

• System Infected: After gaining access to a computer system, likely through phishing emails, malicious advertisements or links, or downloads, cybercriminals install ‘infostealer malware’. 

• Data Harvesting: The malware employs various techniques to acquire sensitive data, some of which are listed below:

  - Keylogging: Recording keystrokes made by users on their device

  - Form grabbing: Stealing credentials from web forms before they are encrypted

  - Clipboard hijacking: Intercepting information a user copies and pastes on their device

  - Screen capturing: Taking screenshots of the user’s screen at critical moments

• Mass Collection: Cybercriminals then collect and create a massive database, which they are likely to sell or trade on the dark web. This results in further exploitation, whereby hackers can hijack users’ accounts, commit financial fraud, and steal additional sensitive information.   

• Receiving security alerts regarding logins or password reset requests from unknown devices and locations. 

• Unauthorised charges on your cards, bank withdrawals, or the creation of new accounts. 

• Friends, family, or colleagues receiving emails or messages from you when you have not sent any. 

• Strong Passwords: Regularly update your passwords. Create complex or unique passwords for all your accounts; consider using a password manager to help you manage them effectively.

• Multi-Factor or Two-Factor Authentication: Enable multi-factor or two-factor authentication on your devices to add extra layers of security. Even if a cybercriminal has your login details, they cannot access your account unless they provide the second factor of authentication. 

• Software Update: Keep your devices on auto-update and scan your system using a trusted anti-virus software to detect any malicious programmes.

• Notify: If any of your financial information has been exposed, promptly notify your bank to assist in monitoring your accounts and freezing them if necessary.   

• Report: Report the incident as soon as possible through a government portal such as Chakshu (https://sancharsaathi.gov.in/sfc/) and the national cybercrime helpline number—1930. You can also lodge a complaint with the local police station.

The Quint's Scamguard initiative aims to keep up with emerging digital scams to help you stay informed and vigilant. If you've been scammed or successfully thwarted one, then tell us your story. Contact us via WhatsApp at +919999008335 or email us at myreport@thequint.com. You can also fill out the Google form and help us take your story forward.

(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)