Pwn is a slang term derived from the verb own. It means that your account has been taken over by someone else or they have obtained access to details that allow them to do so, such as usernames, passwords, or security details.  

Compilation of All Breaches (COMB) is the largest data breach, containing 3.2 billion email and password combinations. All of these have been collected from smaller hacks on companies like email providers, online retailers and media companies. This data, along with other smaller data breach information, is sold on the Dark Web for scammers to take advantage of. It’s like purchasing an illicit mailing list. You can check if you have been pwned by visiting a website like https://haveibeenpwned.com/, where you can enter your email and see if your details have been breached in this or any other data breach.

How can you prevent this happening to you? 

  • Do not use the same usernames and passwords for multiple accounts.  
  • Change your passwords regularly – if you happen to be in a data breach, hackers should not have access to your accounts for too long if you keep your passwords updated on a regular basis.
  • If you do tend to use the same passwords for different sites, use a password manager and reset them to something different for each website.  
  • Use 2-factor authentication when possible.  

How do hackers use this data?  

  • Once a hacker has your details, they can gain access to bank accounts, shopping sites, social media and other accounts that may contain sensitive data.
  • Email accounts can be used to send ‘phishing’ content to try to trick users into clicking on a malicious link. These can install malware on your device or steal more of your personal data.
  • With access to an email account, hackers can intercept emails to gain information or even amend things such as payment details on invoices, syphoning off money to their own accounts.
  • If all your passwords are the same, once one account is breached it gives easy access to every other account. If the first account to be accessed is your email, that will often link to all the other accounts you have, from banking to shopping, mobile telephone and other subscriptions.

What to do when you have been pwned? 

Most importantly, do not panic! It is important to follow a few steps to assess the extent of the damage that has been done. Once that is done, you can attempt to get your accounts back.  

  • Change your email account credentials, set up multi-factor authentication and check there are no forwarding rules in place. Without doing this you will simply tell the hacker you’re changing your passwords and they can counteract the change.
  • Change the passwords of all other accounts, starting with those you know have been compromised. Use this opportunity to make them all different. When you are creating new passwords, make sure to use a mix of lower and upper-case letters, as well as numbers and symbols. These ensure your password is very hard to guess by a human or even a machine. Avoid using substitutes such as the number 0 for the letter o and $ for S: most attacks are done by computer, and these alternatives are built into their algorithms.
  • Check your financial accounts and keep an eye on them. If you think your account may have been compromised you can speak to your bank for advice and they can instigate additional checks and keep an eye open for unusual activity.

If you need help creating a secure but memorable password there are a few tips you can follow. 

  • Use 2 or 3 random words with numbers in between. Look around, what can you see?
  • Use initial letters from a saying, phrase, movie or song title. If you want to make it more random, reverse the letters.
  • Use a random password generator – make sure it’s genuine and don’t copy and paste directly from the generator to your account!
  • Some password keeper applications will recommend or produce random passwords for you. 
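
The two password points above (avoid character substitutions, and build a password from random words with numbers in between) can be seen side by side in the following added example, which is not part of the original article. The word list, the common-password list and all function names are constructed for illustration, and the substitution table goes beyond the two substitutions the article names.

```python
import secrets

# Substitutions guessing tools undo automatically. The article names 0->o and $->s;
# the rest are common ones added for this example.
LEET = str.maketrans({"0": "o", "$": "s", "@": "a", "1": "i", "3": "e", "5": "s", "7": "t"})

# Constructed stand-in for a real breached-password list.
COMMON = {"password", "letmein", "welcome", "qwerty", "sunshine"}

# Constructed word list; a real one should hold thousands of words.
WORDS = ["lantern", "gravel", "pelican", "orbit", "mustard", "canyon", "violin", "thimble"]


def candidates(pw):
    """Forms of pw a guessing tool would try: lower-cased, with trailing
    digits/symbols removed, and with substitutions mapped back to letters."""
    low = pw.lower()
    stripped = low.rstrip("0123456789!?.*#")
    return {low, stripped, low.translate(LEET), stripped.translate(LEET)}


def is_guessable(pw):
    """True if any normalised form of pw appears in the common list."""
    return not candidates(pw).isdisjoint(COMMON)


def passphrase(n_words=3):
    """Random words joined by two-digit numbers, drawn from the OS CSPRNG."""
    parts = []
    for i in range(n_words):
        parts.append(secrets.choice(WORDS).capitalize())
        if i < n_words - 1:
            parts.append(str(secrets.randbelow(90) + 10))
    return "".join(parts)


if __name__ == "__main__":
    for pw in ["P@$$w0rd1!", "L3tm31n", "Sun$hine2024", passphrase()]:
        print(pw, "-> guessable" if is_guessable(pw) else "-> not in list")
```

The first three sample passwords contain upper case, digits and symbols, yet each reduces to a listed word once the substitutions are undone.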

If you believe you have been the victim of a data breach and would like to seek some advice, please contact our team of experienced engineers for a no-obligation chat.
