Breach Data
It even happens on Ted Lasso. In season 3, episode 8, Keeley’s private video is leaked on the internet. It seems that her former boyfriend, Jamie, may not have used the best security practices, even using the password, “password,” for his email account. In 2022, there were 1,063 data breach incidents, accounting for 480,014,323 total breached records. So far in 2023 large companies such as T-Mobile, ChatGPT, Chick-fil-a, Activision, Norton Life Lock, and Yum Brands have all had data breaches of users’ personal information. Given the number of data breaches, almost everyone (except for the most intense privacy seekers) has had their personal information made publicly available, allowing threat actors easy access to personal details which could be used for other cyberattacks or identity theft. While many victims of breach data are provided with free credit monitoring from the breached company, they are still left vulnerable to other types of attacks.
Breach data includes personal information such as name, phone number, email address, IP address, physical address, password, banking or credit card information, and even social security number from a specific online account. Often, hackers gain unauthorized access to users’ information utilized on a website, scrape all of the account data available, and then post or sell it on the dark web. Breach data is also available through a variety of platforms on the surface web through paid subscriptions which anyone can easily access.
Threat actors can utilize this information for several different purposes, including identity theft to apply for loans, social media account takeovers, controlling smart devices, conducting medical fraud (utilizing insurance benefits in your name), and tax or financial fraud. Additionally, threat actors can utilize the information to put together targeted phishing attacks, targeted physical attacks, or easily find more personal information or accounts.
Not only can breach data be harmful for an individual, but a threat actor could utilize an individual’s compromised information to gain access to the individual’s work accounts. Putting a company at risk.
Du-Zel typically utilizes access to breach data to show a client what information is available to threat actors about them, to try to identify other personally identifying information on a client, or to identify other accounts for the client.
You can check to see your own vulnerability from breaches on sites such as https://haveibeenpwned.com/ or for further details on your available information, https://www.dehashed.com/. (Note: Du-Zel practices OSINT for good and accesses this information with the consent of our clients. We only recommend utilizing these types of sites to search for your own information in order to understand your vulnerability, not to research your best friend’s new boyfriend.)
Here are some things to keep in mind to better protect yourself:
Don’t be like Jamie! Each account should use a unique, random, and strong password that is at least 12 characters and includes a variety of letters, numbers, capital letters, lowercase letters, and symbols.
Do not utilize the same password on multiple accounts.
Store all of your passwords in a password keeper in order to keep all of the information in a safe place. These password keepers can also generate secure, random passwords for you.
Utilize two-step or multi-factor authentication (MFA) on all accounts possible.
Update your computer, browser, or application software as soon as an update is available. Many of these updates include security updates to their software to help prevent data breaches.