Password Leaks Are Happening Now: Here Is How to Protect Yourself

If you’ve been paying attention to cybersecurity news, they you probably know that bulk password leaks are a regular occurrence. Rumors of breaches at TeamViewer , LinkedIn, the Russian social network VK, and Twitter have all been swirling about, and by the time this article is published, there’ll probably be a bunch more. Even Mark Zuckerberg got hacked recently.

The hard truth is that password leaks happen all the time, and there’s a decent chance that one of your accounts has been involved in one; if it hasn’t happened yet, it probably will soon. So follow these tips to make sure you stay safe, no matter how many password databases are breached.

How Do Password Leaks Happen?

It seems like there’s news of a new leak every other day; the past few years have seen big password leaks from social networks, retailers, and just about any other kind of site you can think of. In many cases, it can be traced to sub-par security on the part of those sites. Hackers find a way in, grab the database that contains hashed passwords, and then sell them off. If the hash hasn’t been salted, and the passwords are decrypted, this is bad news.

Sometimes information is leaked from an inside source, such as in the case of the Ashley Madison data leak. Disgruntled employees have a reputation for causing various types of havoc, and data leaks are among their tactics.

No matter how the original data is obtained, it’s then either sold on the dark web, or posted publicly on a site like Pastebin . After that, mayhem ensues.

So what can you do to keep your accounts safe?

Stay Informed

You can’t protect yourself if you don’t know what’s going on. This means you’ll need to pay at least some attention to cybersecurity news. By regularly checking sites like the LeakedSource.com blog or following Twitter accounts like @passwordsleaks or @PastebinLeaks, you can be among the first to know when there’s been a big leak. Even following tech on Google News or another general news site will help give you a heads-up.

You can also set up a Google Alert for “password leak” and get notifications when there’s a new one in the news. Given how many outlets cover every leak, you might receive a lot of notifications, but it’s probably worth skimming every once in a while to see if a site that you’re a member of has had a leak lately. You could also set up alerts for specific sites that you’re interested in.

And if you think there’s a chance that one of your passwords has been leaked, go to haveibeenpwned.com and enter your email address. In fact, you should probably just go check the site every once in a while. You might be surprised to find out that your account details have been leaked a few more times than you thought!

You can also set up a Notify me when I get pwned alert to get an email when your email address is listed in a password leak, which is a great way to get an early heads-up.

Change Potentially Leaked Passwords

This is another obvious one; if you think that one of your accounts may have been involved in a leak, change the password right away. Whether you log into the site and change your password manually or use a faster solution like LastPass’s one-click password change , you need to change that password immediately. If a cybercriminal has access to one of your accounts, they may be able to use it to gain access to other accounts, even if those accounts rely on different passwords.

In fact, you should probably just change your passwords on a regular basis anyway. Not all leaks get reported, and there are certainly other ways that someone can get a hold of your password. LastPass’s Security Challenge will tell you when some of your passwords are getting old, but setting up a reminder in Google Calendar, or changing your passwords every first of the month, is a really good habit to get into.

Enable Two-Factor Authentication on Important Accounts

How you define “important accounts” is up t