Dataleak
What are data leaks?
A data leak is the unintended loss of data. In most cases, this refers to the publication of that data. This happens particularly with providers of online services. Reasons for this can include improper handling of personal data, human error, or hacker attacks.
According to the BSI (German Federal Office for Information Security), leaks from the year 2024 most frequently contained names, appearing in 83 percent of all leaks, and email addresses, appearing in 53 percent of all leaks. In addition, a quarter of known leaks contained highly sensitive data such as payment information or social security numbers.
How can I prevent becoming a victim of data leaks?
Be careful about sharing personal data, for example when providing your email address for newsletters.
Use strong passwords.
(Reference to the password article.)
Harden your operating system:
Use an antivirus program.
(Reference to the malware article.)
Use a VPN.
What should I do if I am affected?
Change your passwords, not only on the affected platform but also anywhere you used the same password.
Check what data has been lost. In some cases, compensation claims may be possible.
How can I find out if I am affected?
Check your data on haveibeenpwned.com. The website searches known databases to determine whether they contain your email address or password.
Notification obligation of providers (Section 169 TKG). The provider must inform you if you have been affected by a data leak.
Your contacts receive strange messages from you that you never sent.
You receive several notifications from providers stating that someone has logged into your account.
What can hackers do with my data?
Sell it.
Datasets containing names and real email addresses, or even physical addresses, are valuable and can generate a considerable amount of money when sold in large quantities.
Create mailing lists.
Fraudsters can collect email addresses in order to distribute phishing emails more effectively.
Blackmail.
Criminals may threaten companies with publishing stolen data if their financial demands are not met.
Sources
The State of IT Security in Germany 2024 – Situation Report of the German Federal Office for Information Security (BSI), 2024.
