Public Service Announcements

Dealing with personal password breaches

Cooper Netties received this content via email from a colleague at NetApp, and felt it really deserved wider distribution ...

"I have had friends, family and now customers asking me for advice regarding some extortion emails that have been doing the rounds over the last couple of months. I thought I would send these tips, particularly for the non-tech folks who might just ignore the email (or worse, respond to it).

The emails typically go to the SPAM folder, but sometimes not. The subject line of the email typically has a current or former password of yours. The email may even appear to come from you to add to its apparent authenticity. The content indicates that you have been filmed by your laptop while accessing various porn sites.

Typically, we would ignore these, but you should take some action regarding them. Although it's highly unlikely they have installed spyware on your devices, in case you hadn’t noticed, they have referenced a password of yours. To identify and fix the risk:

  1. Go to the website https://haveibeenpwned.com/ and enter in each of your email addresses. This website will scan through data dumps going back over the last 10+ years and identify the websites where your email address has been leaked from. It also tells you what kind of data has been leaked, including credit cards, dates of birth and so on.
  2. Change your password on those websites that are listed. Also change your password wherever you have used the same password.
  3. Install LastPass or a similar password manager and generate unique passwords per website. LastPass will remember the password for you and will sync across devices and browsers. LastPass also has a security checkup feature that will give you advice regarding the risk profile of your passwords and where you have accounts registered vs. further known data breaches. LastPass can be obtained here (I use the free version): https://www.lastpass.com/

You can’t do much about the data breaches, but you can limit the access to your accounts. That way, one breach does not give access to all of your accounts. This is especially important where accessing further accounts might reveal information such as your credit cards.
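
Step 2 of the list above (change the password on each listed site and anywhere else the same password was used) can be checked against a password-manager export. The following is an added example, not part of the original email; the CSV column names (`url`, `username`, `password`), the sample rows and the breached-site list are constructed assumptions, with the breached list typed in by hand from the Have I Been Pwned results.

```python
import csv
import io
from urllib.parse import urlparse

# Constructed sample export; real exports may use different column names.
SAMPLE_EXPORT = """url,username,password
https://forum.example.com/login,me@example.org,Summer2016!
https://shop.example.net/,me@example.org,Summer2016!
https://bank.example.org/,me@example.org,k3#Vt9..unique
https://news.example.com/,other@example.org,Summer2016!
https://old.example.io/,me@example.org,hunter2
"""

def host(url):
    """Return the lower-cased hostname, or the raw value if it is not a URL."""
    return (urlparse(url).hostname or url).lower()

def in_breach(hostname, breached):
    """True if hostname is a breached domain or one of its subdomains."""
    return any(hostname == d or hostname.endswith("." + d) for d in breached)

def accounts_to_change(export_csv, breached_domains):
    """List (host, username, reason) for every login that needs a new password.

    Passwords are compared in memory only and never returned or printed.
    """
    rows = list(csv.DictReader(io.StringIO(export_csv)))
    breached = {d.lower() for d in breached_domains}
    # Passwords that were in use on a breached site must be treated as known.
    exposed = {r["password"] for r in rows if in_breach(host(r["url"]), breached)}
    result = []
    for r in rows:
        h = host(r["url"])
        if in_breach(h, breached):
            result.append((h, r["username"], "breached site"))
        elif r["password"] in exposed:
            # Same password on another site: one breach unlocks this account too.
            result.append((h, r["username"], "reuses a breached password"))
    return result

if __name__ == "__main__":
    for h, user, reason in accounts_to_change(SAMPLE_EXPORT, ["forum.example.com"]):
        print(f"{h:22} {user:20} {reason}")
```

Delete the plaintext export file once the check is done, since it contains every stored password.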