05/10/2018 by admin with 0 comments
It happened again. Another major web service lost control of its database, and now you’re scrambling to stay ahead of the bad guys. As much as we hate them, data breaches are here to stay. The good news is they don’t have to elicit full-blown panic no matter how sensitive the pilfered data might be. There are usually some very simple steps you can take to minimize your exposure to the potential threat.
The first thing to figure out is what the hackers took. If they got your username and password, for example, there’s little point in alerting your credit card company.
News articles and company statements should make it very clear what leaked. Was it just your email address, or was it your password data too? What about credit cards (if applicable) or personal data like private messages?
This is the first step in creating an effective recovery plan, but before you take any action there’s a critical follow-up question to ask.
Hackers take data all the time, but many times the stolen data is unusable thanks to security practices that include terms like “hashed,” “salted,” and “encrypted.” If the data is in the form of “cleartext,” that means no cryptography has been used, and it’s just as easy to read and manipulate as a Word document or a regular email message.
Hashed data, on the other hand, is data that has been scrambled in a such a way that you cannot decode it back to plain text. Hashing is often used for password databases, for example.
Not all hashing methods are equal, however, and sometimes they arereversible. As a second line of defense, a company may add what’s called a salt—random data—to make decoding harder. The bottom line with hashing is that you’ll need to probe a bit further to see whether the company believes the data is usable or not.
Finally, encryption is supposed to be a two-way scrambling process that only allows someone with the “key” (usually a password or password file) capable of decoding the data.
Even if hackers took data that is hashed or encrypted, sometimes companies will advise changing your password regardless, just to be safe.
If you need to change your password then be proactive. Change your password right away, and don’t wait for a warning email or message from the company, if possible.
If you’ve been using that same password on other sites change it there as well. A single data breach can easily take down other accounts if you’re reusing passwords. Don’t do that.
Now is a great time to start using a password manager if you aren’t already. These programs can create new, hard-to-guess passwords and save them for every online account you have. They also protect your passwords with encryption, and (typically for a fee) make them available across all your devices.
Passwords just aren’t enough anymore, which is why it’s also a good idea to enable two-factor authentication (2FA) on any of your accounts that support it. Two-factor authentication means your web service will require a secondary, six-digit code before permitting access to your account—even with the right password.
This is a great way to slow down the bad guys. Unfortunately, it also has the same effect on you. Most services only require a 2FA code every 30 days per device, or in some cases just once on a single browser from a single device. So it’s not too terrible.
The best way to use two-factor authentication is with an app or device dedicated to generating these codes. Receiving SMS codes is not advised, because they are vulnerable to a variety of relatively trivial attacks.
If you need help picking a two-factor authentication app check out our roundup of the best 2FA apps.
Many websites allow you to set a specific recovery email address that is separate from your main account email. This is the email address where you get links to reset your password after clicking the “Forgot password?” link on a website.
It is best to have a specific email address that is only for account recovery emails and is not connected to your identity—if your Gmail is JAndrews don’t use JAndrews@, for example. If you use your regular email for account recovery, hackers can target that email address, and, if they compromise it, take over your online life.
As with any other email account, make sure your recovery mail is protected with a hard to guess password and two-factor authentication.
> See also: Why Security is Important for Your Web Traffic?
If your credit card number was compromised then you need to alert your bank or credit card provider. If it was a particularly large breach, there’s a good chance your bank already knows about it, but it’s still a good idea to let them know you were hit.
You want to make sure you talk to a representative, and tell them what’s happened. The company will likely cancel your card and issue a new one.
Don’t wait on this one. Notify your bank or credit card company right away to ensure you aren’t held responsible for any fraudulent charges. If a debit card number was stolen, this step is doubly important. Not only because that means cash will be leaving your account with every bad charge, but also because debit cards don’t have the same recovery protections as credit cards.
Get a fraud alert on your credit record with the three major credit bureaus: Equifax, Experian, and TransUnion. You might even want to get a credit freeze to prevent anyone from trying to open an account in your name if you’re at risk for identity theft.
Take advantage of your right to an annual free credit report from each of the three reporting companies. By staggering the reports, doing one every four months, you can keep an eye on your credit rating throughout the year.
Another good move is to go with limited-use burner debit cards that are connected to your actual bank account, but aren’t your actual debit cards. allows you to do this, and it’s a great way to protect yourself.
Instead of using your actual card number, you can use burner cards with all kinds of limits on them such as a card that’s only for Netflix, or cards limited to a maximum of $100. You can even create a one-time-use card for a major purchase. It’s a very handy service, and if your burner card ever leaks you can just delete it and start over.
Major database breaches suck, but they are a regular occurrence, meaning it’s not a matter of if you’ll get hit, but when. The good news is that being a little bit proactive can help avoid the headaches that come from identity theft.
|pid||Unique identification of the product. This is being used to check if product already exists||123456||Yes|
|name||Name of the product. It will be used if the product is not already imported.||ASUS Notebook||Yes|
|description||Description of the product. It will be used if the product is not already imported.||Best computer out there, with plenty of features,...||No|
|short_desc||Short description of the product. It will be used if the product is not already imported.||Best computer out there, with plenty of features.||No|
|url||URL to the product on your store. If this is empty link to your store will be used instead.||http://www.google.com||No|
|categories||Comma separated list of the categories. Comma separation is for the nesting of the categories.||Cloth, Man, Shoes||Yes|
|tags||Comma separated list of the tags.||black,new,brand||No|
|brand||Manufacturer name of the product.||apple||Yes|
|price||Price of the product. Field requires number only with decimals separated with dot (.) if the price has any.||10.99||Yes|
|shipping||Shipping of the product. Field requires number only with decimals separated with dot (.) if the price has any.||10.99||No|
|shipping_comment||Small desciption for the shipping comment.||We do not deliver on Saturday.||No|
|image||Input URL to the featured image of the product.||https://image_link.png||No|