What is a data breach, and how can passwords help you deal with them?

Whether it’s billions of records stolen from Yahoo or just a handful of emails accidentally leaked by your local library, data breaches happen every day. We, as internet users, give away our data left and right — it’s how we get to use most of the services we want and need. With so many different companies handling our data (passwords, addresses, emails, names, phone numbers, and other records), we must know what data breaches are, how they happen, and what we can do to minimize the damage when we’re affected. 

How data breaches happen 

Many tend to think that hackers are solely responsible for data breaches. However, human error or gaps in a company’s security can also cause major data leaks. Here are the main reason data breaches happen: 

• Accidental or malicious insider actions. An employee purposely shares company data to damage the company or accidentally loses a device with sensitive information. Either way, it’s a data breach caused by an insider.
• Accidental or malicious outsider. An accidental outsider breach could be any person who stumbles upon a database that was left accessible to the public. The malicious outsider uses various cyberattacks and social engineering tactics to steal data from a company.

Any kind of information leaked in any of these ways could be considered a data breach. However, the most common type of data breach we are used to hearing about is leaked users’ credentials — email/username and password combo. 

The largest data breaches of 2022 

• Hackers broke into 483 crypto.com users’ accounts and stole more than $30 million in Bitcoin and Etherium.
• Hacker group Lapsus$ targeted many major players with varying success — they managed to hack multiple companies this year, including Nvidia, where they stole 1TB of data with usernames and passwords of more than 70,000 Nvidia employees. The same group tried to attack Microsoft, but the company was ready, and only one account was compromised.
• In July, a hacker stole 5.4M Twitter users’ account details and tried to sell them on a hacking forum for $30,000. They managed to exploit a vulnerability in Twitter’s systems.

What is breached data used for? 

There’s no shortage of ways a cybercriminal can use stolen data: 

• Sell it to other criminals online.
• Use credit or debit card information or banking data to make purchases or money transfers.
• Take out loans and new credit cards.
• Use it to steal your identity and collect tax refunds, file for unemployment, rent out an apartment, or apply for a job.
• Log into your accounts, lock you out, and demand you pay ransom to get them back.
• Use the information to carry out further targeted attacks against you, your friends and family, or your employee.

How to minimize the damage of data breaches 

As an end user, there’s not much you can do to prevent the services you use from getting breached. But you can choose carefully who you entrust your data to and how you handle your accounts to minimize the risk of a data breach affecting you personally. 

First and foremost — strong and unique passwords are key. Use a different password for every account you have, and make sure they are at least 12 characters long and contain random letters, numbers, and symbols. 

It’s impossible to remember all of these passwords, so make sure you store them securely. A notes app on your phone is not a good place to do it — neither is a physical notebook. Use a password manager with strong encryption algorithms to keep your passwords safe from attackers. 

Try to minimize the number of online accounts you have. Each one is a liability. While different passwords will ensure that your other accounts will be inaccessible to an attacker in the case of

a breach, your other information can be used against you. If you no longer use a platform or a service, delete your account. 

Once you suffer a data breach, be wary of phishing or targeted spear phishing attacks. If cybercriminals have your email and other sensitive information, they can use it to trick you into logging into a fake website, giving away more data, or paying for a fake service or fine. 

Use security software to make your life easier 

Bulletproof security tools that are easy to set up and use — NordVPN and NordPass are here to make your everyday digital life easier and minimize the threat that data breaches pose. 

NordPass is a premium password manager that stores, auto-saves, auto-fills, and generates unique passwords. It’s a zero-knowledge password manager that uses the XChaCha20 encryption algorithm to ensure complete privacy and security — you will be the only one who can see and access your passwords unless you decide otherwise. 

NordVPN will encrypt your internet connection and make sure you are safe from malware, trackers, and intrusive ads. You also won’t have to worry about clicking on a phishing link — NordVPN’s Threat Protection feature will stop you from landing on fake malicious websites. 

Both NordVPN and NordPass monitor the latest data breaches and the Dark Web for leaked user credentials. If your email is part of a breach, you will be immediately notified so you can secure your accounts. 

Want hassle-free online security? Try NordVPN and NordPass now with a special bundle deal: get 68% off the 2-year plan and receive three extra months for free. Check out the deal now at nordvpn.com/