When we speak of data breaches, typically there are hackers involved. For example, hackers were behind Yahoo's two massive breaches we told you about in 2016.
Sometimes, though, it's the laziness or ineptitude of the company that owns the database that's at fault. That's exactly what happened in the latest breach that exposed 1.4 billion accounts. Chances are you or someone that you know has been impacted by this breach.
Who is responsible for the massive data breach?
MacKeeper researcher Chris Vickery recently discovered an unprotected database that holds information on nearly 1.4 billion accounts. The database belongs to River City Media (RCM), a group that purports to be a legitimate marketing company. In reality, RCM is a spamming operation that sends out up to 1 billion spam emails per day.
It appears that the exposed database was a backup that RCM didn't properly secure. This left the database open for anyone who stumbled across it to steal information. The exposed data includes email addresses, full names, IP addresses and even some account holders' physical address.
RCM attained information on 1.4 billion accounts through certain online offers such as free credit checks, sweepstakes and education opportunities. Anytime someone clicks on one of these ads online and enters their information it's possible for a spam operation like this to be behind it. RCM also could be paying other sites for customer information of anyone who is signed up through them.
Many sites that offer free services require users to create accounts. Registration is free so you think: "What's the harm?" Well, there is no harm, unless you find an inbox full of spam from that company to be a nuisance. Click here to find out a great way to register for an account without putting your information at risk.
Unfortunately, my personal email was a part of the RCM data breach. I was notified of this by the website Have I been Pwnd. Continue reading to see how you can keep tabs on your email address and other safety measures you should follow after a massive data breach.
What you need to do following a data breach
- Investigate your email address - Have I Been Pwned is an easy-to-use site with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest hacks and exposures.
- Change your password - Whenever you hear news of a data breach, it's a good idea to change your account passwords. Read this article to help you create hack-proof passwords.
- Close unused accounts - Here's an easy way to manage all of your online accounts at once.
- Beware of phishing scams - Scammers will try and piggyback on huge breaches like this. They will create phishing emails, pretending to be the affected company, hoping to get victims to click on malicious links that could lead to more problems. Take our phishing IQ test to see if you can spot a fake email.
- Manage passwords - Many people use the same username and password on multiple sites. This is a terrible practice and you should never do it. If you're using the same credentials on multiple sites, change them to make them unique. If you have too many accounts to remember, you could always use a password manager.
- Keep an eye on your bank accounts - You should be frequently checking your bank statements, looking for suspicious activity. If you see anything that seems strange, report it immediately.
- Check email security settings - Make sure the email account associated with the hacked site has updated security settings.
- Have strong security software - Protecting your gadgets with strong security software is important. It's the best defense against digital threats.