A log-in window (iconic image): Internet users should check if their credentials have fallen victim to a data leak. If this is the case, the password must be changed. (Source: Jens Buttner/ZB/dpa)
Hackers, spammers and scammers often get hold of users’ email addresses and passwords in a roundabout way. An online check shows how great the risk is and when users should react.
How to check their email address for identity theft
Photo series with 3 images
Data protection is a question of trust. Because anyone who enters their contact details, passwords and other personal information on a website or in a form must be able to trust that this information will be treated confidentially and kept safe. Unfortunately, it has been shown time and again that many companies do not take the topic of data security seriously or are overwhelmed with the task.
While EU data protection authorities can hold responsible companies accountable and fine them if necessary. For users, however, this is little consolation: once the data is in circulation, no one can retrieve it. In such a case it is only a matter of damage limitation.
How to find out if you have been compromised?
The German Federal Office for Information Security (BSI) advises Internet users to continuously check whether sensitive data such as user names and passwords have been stolen from them in known data leaks. Databases into which security researchers enter compromised access data after hacker attacks or data leaks can be helpful here. The BSI recommends the following databases for this purpose:
"Have I been pwned"
Security expert Troy Hunt runs the "Pwned Passwords" query service and "Have I been pwned?". Users can enter their mail address here. You will then receive information on whether the address has been the victim of a data leak. Click here to go to the website of "Have I been pwned?" to get.
Mozilla’s query service accesses the database of "Have I been pwned??" back, works almost identically, but differs in one practical detail: Because the result of the query is valid only for the moment, you can also register on the monitor page with a mail address and then immediately get notified if your own data should appear on the net. Click here to visit the Firefox Monitor website.
Also handy for Firefox users: The browser sounds an alarm if you are surfing on a page that has been hacked or on which there has been a data leak. A notification then opens below the address bar, informing about the time and extent of the attack or leak, for example, and advising a monitor query.
Identity Leak Checker
Another query option offered by the Hasso Plattner Institute (HPI) in Potsdam, Germany. Email addresses must be provided here, too. Database matching then checks whether the mail address has been disclosed on the Internet in conjunction with other personal data such as telephone number, date of birth or address and could be misused. Click here to go to the website.
This service also works with e-mail addresses. The ad-hoc query as well as the monitor service with one mail address are free of charge. Click here to go to the Breach Alarm website.
For added protection, use the aforementioned two-factor authentication, which requires entering a code in addition to login credentials.
What should I do if my mail address is found??
At the latest when one’s own mail appears on one of these services, users should think about a new password and, if possible, two-factor authentication, said Linus Neumann of the Chaos Computer Club. What this is and how it works is explained here.
And beware: The fact that a password is not in this or any of the other databases does not mean that it is secure. Tips on secure passwords can be found here.
It is particularly important to have a well-secured e-mail account, because it is often a kind of master key for many other services that send links to reset the password by e-mail. As a tool to manage and use many different good passwords, the BSI advises password managers. You can find a guide on this topic here .
Delete old accounts
You should also regularly delete old accounts. How to find and delete forgotten accounts can be found in this guidebook.
- Stiftung Warentest:One of the best password managers is available for free
- "Change your password"-Tag :How secure is your password?
- Online quizzes:This Google test shows whether you are the perfect phishing victim
The reason: The more unused accounts you have, the more likely you are to become a victim of fraud. Because with the information from one account, criminals can often also access data from other accounts.