There are several risks associated with storing your passwords in Google Sheets, including its lack of end-to-end encryption by default and lack of secure sharing capabilities.
If your password has appeared in a data leak, there are several things you should do, starting with changing your password. You may be wondering, “How would I even know if my password was in a data leak?” If you have an iPhone and save your passwords on your iCloud Keychain, you might have seen this message before:
This password has appeared in a data leak, which puts this account at high risk of compromise. You should change your password immediately.
Just as the message suggests, you should change your password as soon as you learn that your password has appeared in a data leak. If you don’t have an iPhone, you can use a free dark web scan tool to see if any of your passwords are exposed.
A data leak occurs when an organization unintentionally releases sensitive information. When your password appears in a data leak, this means that cybercriminals can gain access to whichever account you have used that password for, leading to cyber attacks or even identity theft.
Continue reading to learn more about what you should do if your password appears in a data leak and how to protect your accounts from data leaks.
How do passwords appear in data leaks?
Your password may appear in a data leak if a company you have an account with accidentally exposes customer information due to a mistake or vulnerability.
Despite the intent of the data leak not being intentional or malicious, cybercriminals take advantage of passwords appearing in data leaks in a few ways. Primarily, cybercriminals can collect the passwords that have been compromised and log in to the accounts to gain access to your private information.
Another thing cybercriminals could do is make a financial profit by posting leaked data on the dark web. The dark web is a section of the internet that gives cybercriminals anonymous channels to participate in illegal trafficking. In this scenario, your password that appeared in the data leak would be trafficked on the dark web to other cybercriminals. If you are curious if your login credentials currently exist on the dark web, try using our free dark web scan tool.
Steps to take if your password appears in a data leak
Now that we understand how your passwords can appear in data leaks, let’s learn what to do if it happens to you.
Change your password immediately
The very first thing you should do if your password appears in a data leak is change your password. It is especially important to change the password that got leaked if you have used that same password or a similar version of that password on another account.
If you are having a difficult time creating a unique and strong password, you should use a password generator or passphrase generator. Using a password generator allows you to choose the character length and inclusion of numbers, special characters and uppercase or lowercase letters into your unique password. Similar to a password generator, a passphrase generator develops a long password filled with random combinations of words and numbers. Using either of these tools will make your passwords very difficult for cybercriminals to crack due to how random and complex they are, which protects your sensitive information.
Enable MFA on the account
Although it’s always good to enable Multi-Factor Authentication (MFA) on your accounts for extra security, you should prioritize turning on MFA for any account that has been in a data leak. MFA ensures the safety of your account by requiring more than one form of authentication to access it, such as an answer to a security question, an authenticator app code or your fingerprint. If you have enabled MFA on your account, a cybercriminal with your leaked password will not be able to access your account because they would need the additional information.
Monitor your accounts for suspicious activity
After your password has appeared in a data leak, you should keep a close eye on your accounts for suspicious activity. For example, if the password to one of your financial accounts appears in a data leak, you should set up “unusual activity” alerts in case anyone has been able to access your financial account. These alerts would notify you of any abnormal activity within your account.
How to protect your online accounts from data leaks
Even if none of your passwords have appeared in a data leak, you never know when this could affect you. Follow these steps to protect your accounts from data leaks:
Use passkeys instead of passwords when available
One of the best ways to protect your accounts from data leaks is by using a passkey rather than a password. A passkey is an alternative to signing in to an account that does not require you to enter a password. Using a passkey instead of a password, when you can, makes it more challenging for cybercriminals to access your account.
You can store your passkeys just as you would store passwords in a secure, digital passkey manager. All you need to do is create your passkey, and every time you log in to the account you made the passkey for, your passkey manager will sign you in using your passkey.
Enable MFA whenever you can
As mentioned before, enabling MFA when you can is a great way to protect the security of your accounts. If your password does appear in a data leak but you have enabled MFA beforehand, MFA will prevent a cybercriminal from logging in to your account because they cannot provide the second form of authentication.
Invest in a dark web monitoring tool
Investing in a dark web monitoring tool before your password appears in a data leak will ensure that cybercriminals aren’t selling your credentials on the dark web. When you use a dark web monitoring tool, it will continuously scan the dark web for you and notify you if your credentials are found.
One dark web monitoring tool you can use is BreachWatch®, which works in tandem with Keeper Password Manager. BreachWatch is an add-on of Keeper Password Manager that detects which of your stored passwords can be found on the dark web. By notifying you immediately when it scans your passwords, BreachWatch lets you take action quickly so you can change your at-risk password as soon as possible.
Don’t let data leaks lead to compromised accounts
Even if a company accidentally leaks your login credentials, the consequences for your private information being available on the dark web can be severe. However, by taking the necessary steps of immediately changing your password and enabling MFA on your accounts, you should be able to protect your data.
Start using Keeper Password Manager today with a free 30-day trial so you can start creating unique and strong passwords for your accounts. Utilize BreachWatch to protect your identity and passwords from being compromised on the dark web.