More than half of us reuse our passwords for different online services, according to 2018 research by Virginia Tech.
That means it can be seriously bad news if data leaks online in a hack or data breach, as hackers can then potentially use that data to access other accounts.
You’ll often be forced to change your password for that particular site after a breach, but you’re still at risk if that password has been used elsewhere.
If you’re worried, the website HaveIBeenPwned lets you check your email address against data which has been stolen and leaked online in data breaches.
If you find your email data has been leaked, make sure your password hasn’t been reused, particularly on your email account (as this can be used to give access to social media and shopping accounts by resetting the password).
You can also use HaveIBeenPwned to see how many times the password you use has been leaked in data breaches (if it’s commonly used, it’s more at risk from ‘brute force’ attacks by hackers, where machines ‘guess’ every possible password).
Here are some of the biggest breaches of the last couple of years.
Facebook admitted to multiple incidents where data was left exposed in the past year, either via Facebook’s own service or via app developers who had access to Facebook data.
In one attack, hackers gained access to data from 29 million accounts, including information such as location and relationship status.
Data from Facebook accounts, including passwords, was left unsecured and exposed, including 540 million records with data such as Likes, account names and comments, researchers found earlier this year.
Another app developer left passwords unsecured, researchers from Upguard found.
This week, WhatsApp warned that a vulnerability in its service could have left its 1.5 billion users exposed to hackers.
Attackers could place malicious code on a user’s device simply by making a call, the company admitted.
It has since fixed the vulnerability but users need to update their app to be safe.
Microsoft Email Services (Hotmail, MSN, Outlook)
Microsoft admitted in April 2019 that hackers had been able to access data from MSN, Hotmail and Outlook accounts, via Microsoft’s customer support portal.
Microsoft said that a ‘limited’ number of users had been affected, but recommended that users change passwords.
Hackers accessed T-Mobile’s servers and stole data including personal data and passwords for up to two million users.
Data including credit card details leaked from British Airways’ online services in late 2018, with up to 500,000 customers affected.
British Airways warned customers who had bought or amended bookings in August and September 2018 that their data may have been stolen.
The online question-and-answer service Quora admitted that a ‘malicious’ actor had gained access to data from up to 100 million user accounts in November 2018.
Google’s social network Plus was abruptly closed down after a huge data breach in October 2018, affecting up to 52.5 million people’s personal information.
The flaw could have allowed apps to harvest information including email addresses, occupations, gender and age.
Popular interior design app Houzz saw data for 49 million users leak in a large scale data breach which happened in mid-2018.
Users were warned that data including email addresses, locations and encrypted passwords had leaked in February 2019.
The popular photo service admitted in February 2019 that data from 14.8 million users had leaked with full names, email addresses, birth dates and locations.
The popular fitness and diet service suffered a data breach in 2018 which leaked 144 million email addresses along with usernames, IP addresses and encrypted passwords.
The email address verification service admitted that data for customers had been left online, unsecured without a password.
Up to 763 million email addresses were left exposed.