Google keeps tabs on your hacked accounts. It’s a good tool, so use it.
The good news is, you can fix the problem before other accounts are hacked. The bad news is, you might get a shock when you see how many passwords are compromised, reused, and weak.
Over time, you may open dozens of accounts — if not many more. Some of those accounts have likely been hacked already. That leaves you vulnerable for obvious reasons (e.g., the exposure of sensitive personal data).
There are more than 15 billion “credentials” (usernames, passwords and other sensitive data), available for sale on the dark web, Terence Jackson, Chief Information Security Officer at Thycotic, told me in an email.
“Password reuse is one of the issues that leads to password spraying type attacks…[bad guys] don’t have to work as hard…if they already have the passwords,” he said, referring to a kind of brute-force password attack.
And that’s why Google strongly suggests that you don’t reuse passwords and go back to those accounts and create new unique passwords.
The Google Security Checkup is the place to start.
MORE FOR YOU
“Recent Security Activity”
Another way to track the integrity of your account and take action if necessary is to keep on eye on the activity:
Access your Google account (upper right-hand corner of Chrome browser next to the three vertical dots) and click on “Security.” This will show you “Recent Security Activity.” So, for example, if your account has been accessed in Billings, MT but you live in Philadelphia, PA, then you know something’s up.
This happened to me recently and I was able to cross check the device ID number provided by Google with the device ID number in my Microsoft account (which tracks my Windows laptops).
In this case, a password reset could be necessary. (In my case, the Google location data wasn’t precise and it was actually me accessing my own account.)
Seeing a long list of “compromised” accounts and passwords for the first time can be a shock.
“The concern is that people will be overwhelmed with the amount of data they may see and become overly concerned,” Brandon Hoffman, Chief Information Security Officer at Netenrich, told me.
Hoffman is right. Panic happens. But this shouldn’t stop you from taking action.
And remember — convenience is not your friend. It’s not easy to maintain secure passwords and accounts. It takes constant vigilance and regular corrective action*.
Comments can be sent to mbcrothers[at]gmail[dot]com or direct message at twitter.com/mbrookec
*I always set aside a chunk of time every week to track password and account breaches.