Poles data leak. 4 steps to feel safe

In the wake of the huge data leak on the Poles this week, a pallid fear has seized many. What if our data is at risk? How to solve this problem and feel safe again? Here are some tips on how to get back to normal online.

1. Check if you are on the list of hackers - Haveibeenpwned and secure data

Although the data leak contained over 6 million login and data pairs, there are only 1.2 unique email addresses in the dataset available on the dark web. This means that not all Poles are affected by the leak, but those on the list have several or even a dozen compromised accounts.

The fastest way is haveibeenpwned.com, which has been around for many years and is recommended by all experts. This is a service that collects data from a huge number of leaks. It works amazingly simply - just enter your email address in the main text field. In a few minutes, we will be able to find out if we have been victims of not only the latest, but also previous leaks. We are interested in the item “Polish Credentials Credentials 2023”, which may appear in our report.

An alternative is safedane.gov.pl, recently launched by the Polish Ministry of Digitization. Although initially the service had some problems with the work, they are now eliminated.

The benefit of the Safe Data website is that it should let us know exactly what data has been leaked. Did the hackers get our Facebook data? Allegro? emails? Or maybe online banking? The service is designed so that we can assess the extent of the problem and change only the necessary passwords. However, you must be signed in with a trusted profile to get detailed information.

2. Change your passwords - the sooner the better

If we are on the list of leaks, we must change the passwords. This should not be done in your free time, on the weekend or next week. The sooner we change our login details, the less chance there is of further problems and account takeover by hackers.

Even if we are not on the list, cybersecurity experts recommend changing passwords regularly, at least every month. This definitely increases our resistance to hacker attacks and data leaks to the network. However, this is very labor intensive. In practice, few people change passwords for all their accounts on their own.

Here we should also recall one cardinal, but still common mistake. Users very often use very simple passwords and repeat them on many different sites. It’s like giving hackers your accounts on a silver platter - it makes their job a lot easier. It’s best to use a different password for each new site. A compromise might be to use different passwords for key services such as banking and email, and one password for less important services.

3. Enable Two-Factor Authentication - 2FA Saves Accounts

Even if a hacker finds out our username and password, all is not lost. Or at least when we have two-factor authentication (2FA) enabled.

This is an additional account protection method that blocks hackers in most cases. These are currently offered by most major websites and services such as Allegro, Facebook or Gmail. 2FA can take the form of an SMS code, an email, a numeric code in an application such as an authenticator, or a physical 2FA key inserted into a computer’s USB port.

It is also a good idea to enable login alerts where possible. Various applications can tell us that someone has just signed into our account. Such a report includes the date and time of entry into the system and, most often, the place from which it originated. If we logged in ourselves and received a warning, we can ignore it. However, when we do nothing and someone from Russia or China logs into our account in the middle of the night, we must respond immediately.

4. Start using a password manager - it’s the safest method

One of the best ways to increase your online security today is to use a password manager. The concept may seem a bit intimidating at first. After all, the service “knows” all our secret codes, email addresses and logins. “What happens when hackers break into the place where I keep all my secrets?” - you ask.

If we delve deeper into the topic, our doubts should disappear. All leading password managers use enhanced security and encryption. Companies also brag about not having access to their customers’ password data themselves.

How it works? The user must come up with one, preferably long enough and strong “master password”. With it, he logs in to the platform, which will remember his logins and passwords for various sites and services. If we want to log in, the manager will fill in the data for us (after entering the master password or unlocking the smartphone with a fingerprint or pin code).

Why use managers? Let’s consider two cases. First, we use the same email address and password to log into 20 websites. This is handy because we only need to remember one password, so we don’t need to use managers. However, one of our favorite portals is a poorly secured site that stores our password in an insecure way.

Leakage of data from the site to the network. What does a hacker do? It checks every possible service and potentially hijacks up to 20 of our accounts. It is dangerous to have one key that opens all our locks.

Second example. We use a manager that remembers 20 different logins and passwords for us. This is just as convenient as above because we only remember our master password. We’re dealing with a data breach again, but now the hacker only gets one of our passwords. The service informs us about the leak, we change one password (not all) and … that’s it. We have a headache.