How to check if your online accounts have been hacked

haveibeenpwned

Over the past decade the number of online accounts being compromised has skyrocketed, from email accounts to social media accounts being targeted, with the average person having over 50 online account logins. The hackers are gaining access to these with methods ranging from brute force attacks on weak passwords to large data breaches against online businesses. This is why it’s recommended that you have different passwords for each website that you use.

In October 2013, 153 million adobe account details were leaked in a large data breach where the passwords were weakly encrypted and many of these were quickly converted back into plain text. With a breach like this hackers could look up your email address in this database leak and find your password in it’s encrypted form, then attempt to convert it back so they can read the password clearly. They could try this login and password on other websites, if you had used the same logins elsewhere then they could have gained access to a range of different websites, perhaps even your email accounts which could be used to reset passwords even for websites they could not gain access to.

Recently it’s been discovered that millions of Google accounts are being breached due to Android malware which has been named Gooligan. This malware is distributed by downloading and installing a Gooligan infected application on a vulnerable Android device. This malware then installs a rootkit in the background which then attempts to gain root access to the device, once this has been achieved it will install malicious modules which injects code into Google Play or Google Mobile Services and mimics user behaviour to avoid detection. This then allows the malware to steals the Google email account and authentication token associated to the account.

What can you do to prevent Gooligan affecting you? Be cautious of what you install on your device and ensure that you keep your Android phone updated when patches are offered.

How can you check if your details have been leaked?

The best way to check if your account logins and passwords have been leaked are on sites like https://haveibeenpwned.com/   these allow you to search by your Email Address or by Username to see if your details were contained in any big data breaches. If you find that some of your accounts have been affected in this way we would highly recommend that you reset the password on that account and any accounts that could be using the same or a similar password.

If you find that you’re struggling to remember all the different passwords you’re using then you should look into using a Password Manager. We would highly recommend using a password manager which makes it simple to have a unique and secure password  for each site, without having to remember them all, this will help to keep your accounts as secure as possible.