Most of us have been involved in a data breach at some point, whether it was the big breach at British Airways in 2018 or the more recent Facebook breach. It's a concerning fact of modern life that most of us at some point in our online lives will see our details caught up in a hack.
If one of your online accounts has been hacked - often called being 'pwned' - then it's important not to panic. Follow a few simple steps and you can check the scale of the damage and get your account security under control.
Data leaks happen - it's one of the unfortunate side effects of the modern, internet-connected world. And often, these have nothing to do with you, the user, being irresponsible. Companies can suffer embarrassing data breaches - either through having their servers hacked, human error, or staff misconduct.
There are strict obligations on companies to report data breaches in a timely manner. These reports, plus analysis of hacked data that's been made available online, and the work of so-called 'white hat' (good guy) hackers, mean there are resources to help you find out if any of your own accounts have been compromised in a data hack.
What is Have I Been Pwned?
The best-known site for checking whether your email address, or any account associated with it, has been hacked is called Have I Been Pwned.
Here, you can enter your email address (safely) and the site will check it against multiple data breach records. If your account details were included in one of those breaches, you'll be told the bad news that you've been 'pwned'.
To find out if your own email address has been affected by a data breach, head to the Have I Been Pwned website. You’ll need to enter your email address here – don’t worry, there’s no security threat to doing so: the site is run by Troy Hunt, a highly respected figure in the security industry.
What does 'pwned' mean?
Pwned, in this context, simply means that your account has been the victim of a data breach.
The word itself comes from player-to-player messaging in online computer gaming. When one player is defeated, another might type out a message to say ‘You’ve been owned’.
This was so frequently misspelt as ‘pwned’ that the word itself took off.
What should I do if my account has been pwned?
If your email address has been compromised in a data breach, it’s a smart move to change your login password for your email address, and for the service which was affected by the breach. Even if your email account itself hasn’t been the victim of a data breach, there’s a security risk if another account that you log into with the same password has been affected.
Ideally, you should never use the same passwords across multiple websites. It can, admittedly, be a pain to remember multiple logins. If nothing else, you should always have a completely unique password for logging into your email account – don’t use this same password on any other service.
The best way to create and store passwords is with password manager software.
When creating a strong password, use a mix of upper and lower case letters, numbers and symbols.
Watch out for spam
It’s more important than ever to watch out for spam and junk messages - especially if your account details have been included in a data hack.
Clicking on links within spam, or responding to messages, is a risk – at the very least, doing so tells the spammers that the email account is active, and you risk getting even more spam. It can also expose your email address to scammers, or, in some circumstances, install malware on your computer.
To protect against malware in spam, make sure you're using an up-to-date antivirus package.
Keep an eye out, too, for signs that your own email address is sending out spam. The most likely symptom of this is a deluge of ‘bounceback’ emails. You might see automatic responses or ‘address not recognised’ messages in response to emails that you didn’t intentionally send.
If you believe your own address has been used to send spam, don’t panic: there are steps you can follow to secure your account and let your contacts know what has happened.