5 Ways to Help Lock Down Your Data After PayPal’s Data Breach

PayPal is the latest company to report a data breach, but it certainly is not the only one. With cyber threat actors targeted large companies, software companies and even apps on your phone, your personal data may be at risk. If your private information has been compromised, you often won’t learn about it until a company notifies you of a data breach. By that time, your birthday, social security number, credit card number or health records will have already been exposed or stolen. (Here’s what to do if you’re thinking your CPR number was stolen in the PayPal breach.)

Any stolen information that leads data thieves to your identity can let hackers do everything from making purchases and opening credit accounts in your name, to applying for your tax refunds and making medical claims pretending to be you. Billions of these hacked login credentials are available on the dark web, nicely packaged for hackers easy to download for free.

You can’t prevent websites from being hacked, but after a cyber attack, monitoring tools can alert you to which of your stolen credentials are out on the dark web, giving you a head start on limiting the damage thieves can do. Here’s how to use two free monitoring tools — Google’s Password Checker and Mozilla’s Firefox Monitor — to see which of your email addresses and passwords have been compromised so you can take action.

Playing now:
Look at this:

Are your login details on the dark web? Find out…


Steps you can take before a data breach

First, use a password manager that creates unique passwords for each of your logins and make sure you follow through password best practices. That way, if a site gets broken, your stolen password will not allow hackers to access your accounts on other websites. A good password manager can help you manage all your login information, making it easy to create and use unique passwords.

And when you find out that a company or service with your credentials has been hacked, change your password, whether or not you’re notified that your information was exposed in the breach. You don’t want to wait days to act while the company works to uncover the extent of the hack.

How to use Google’s password checker

As part of its password management service, Google offers the free Password Checkup tool, which monitors the usernames and passwords you use to log in to websites outside Google’s domain and notifies you if those login details have been exposed. (You may remember Password Checkup as a Chrome extension you had to add separately to Google’s browser. This is the same tool folded into Google’s password manager).


Google’s password checker finds a few password problems.

Screenshot by Clifford Colby/CNET

1. If you use Google’s password service to keep track of your login information in Chrome or Android, go to Google’s password management page and tap Go to Check passwords.

2. Press on Check passwords and verify that it is you.

3. Enter the password for your Google account.

4. After some thought, Google will display any problems it finds, including compromised, reused, and weak passwords.

5. Next to each reused or weak password is a Change Password button you can press to select a more secure one.

How to use Mozilla’s Firefox Monitor

Mozilla’s free Firefox Monitor service helps you track which of your email addresses have been part of known data breaches.

1. To get started, go to the Firefox Monitor page.


Mozilla’s Firefox Monitor identified four breaches of this email.

Screenshot by Clifford Colby/CNET

2. Enter an email address and press Check for breakage. If the email was part of a known breach since 2007, Monitor will show you which hack it was part of and what else may have been exposed.

3. Press during a break More about this breakup to see what was stolen and what steps Mozilla recommends, such as updating your password.

You can also sign up to have Monitor notify you if your email is involved in a future data breach. Monitor scans your email address against the data breaches found and alerts you if you were involved.

1. Near the bottom of the Firefox Monitor page, tap Sign up for notifications button.

2. If you need it, create a Firefox account.

3. Press on Log in to see a violation summary for your email.

4. At the bottom of the page, you can add additional email addresses to be monitored. Mozilla will then send you an email at each address you add with the subject line “Firefox Monitor found your information in these breaches” when it finds that email address involved in a breach, along with instructions to what to do by following the breach.

How else to keep an eye out for fraud

In addition to using the tools provided by Mozilla and Google, you can take a few more steps to keep an eye out for scams.

See your digital footprint. Bitdefender provides a dashboard with its Digital Identity Protection subscription that shows where your personal information has been viewed online. It also locates data breaches where your information has been leaked in the past, notifies you when your personal information appears in future breaches, and provides recommended steps to secure your data. It also tells you if your information is on the dark web and notifies you if someone appears to be impersonating you on social media.

Monitor your credit reports. To help you detect identity theft early, you can request one free credit report per year from each of the three major credit bureaus – Equifax, Experian and TransUnion — to check for unknown activity, such as a new account you haven’t opened. You should also check your credit card and bank statements for unexpected charges and payments. Unexpected charges may be a sign that someone has access to your account.

Sign up for one credit monitoring service. To take a more active hand in keeping an eye out for fraud, sign up for a credit monitoring service that constantly monitors your credit report at major credit bureaus and alerts when it detects unusual activity. With a monitoring service, you can set up fraud alerts that notify you if someone tries to use your identity to build credit. ONE credit reporting service like LifeLock can cost $9 to $24 a month — or you can use a free service like the one from Credit Karma that will watch for credit fraud, but not ID fraud, such as someone trying to use your social security number.

For more on how to keep your data secure, see our guides on how to protect your phone’s privacythat best VPN services and why you should never trust a free VPN.


Leave a Reply

Your email address will not be published. Required fields are marked *