Your Online Account May Have Been Breached? Don’t Just Sit There. Do Something.
Too many people respond with a shrug and maybe change their password. That’s asking for trouble.
How do consumers respond when their online accounts are exposed to hackers? Many of them simply don’t.
Data breaches at major firms have become all too common, with more than 110 million user accounts exposed in just the second quarter of 2023. Yet our research found that nearly two-thirds of U.S. consumers would return to a site after they were notified of a breach—with only the bare minimum of precautions, like changing their passwords.
Almost a quarter of the roughly 200 people we surveyed said they would return to the compromised website with no changes to their behavior at all. Only 10% said they wouldn’t go back.
Even people who had cybersecurity training within the past 90 days—in other words, people who should be primed to protect themselves—took risks. In this subsequent study, over a quarter of roughly 500 people said they would return to the breached website while taking the absolute minimum security measures, and only about 9% would take more-complicated steps such as setting up two-factor authentication. And they would do that only if they experienced real financial consequences, like fraudulent charges on their credit cards.
Why wouldn’t people protect themselves? Many of the consumers we surveyed believed that there were few—if any—alternatives to the websites they used frequently, and all websites seemed to be affected by data breaches. Why bother beefing up security? Likewise, some people said they would stick with a compromised site because they had put so much time and effort into their presence on it—a classic sunk-cost fallacy.
Since doing nothing may put your finances and personal information at risk, what should you do in case of a breach? Based on my experience as a researcher in this domain and guided by input from customers recovering from data breaches, I recommend the following actions.
Take each data-breach notification seriously. Immediately change passwords on the affected sites and sign up to follow the updates from the breached firm. This is also a good time to ensure your passwords are unique and not being used across several sites.
Find out what kind of breach it is. Some breaches violate your privacy—such as stealing your playlist or viewing preferences—but may not be as damaging as other hacks. So they may just require a simple password change on the affected site. Even the breach of encrypted password data, such as in the LastPass data breach, while serious, isn’t an immediate threat.
On the other hand, things like compromised credit-card numbers, financial data and personally identifiable information need stronger attention. Even seemingly innocuous breaches of social-media networks may reveal data that can be used to impersonate you and perhaps be used to invade the privacy of those around you. For instance, hackers might be able to figure out your “forgot password” questions on websites by learning where you grew up, the names of your pets and more.
Set up push notifications for financial data. When you’re notified of data breaches that involve credit cards or payment information, review the transactions on the affected accounts, going back to the previous payment period. Whether or not there has been unusual activity, protect yourself by adding mobile push notifications for credit-card transactions—an option offered by most credit cards, online-payment mechanisms and banks. Most notifications happen in real time, so consumers affected by data breaches can quickly identify and contest improper charges.
Use free credit monitoring. Some credit cards and banking firms such as Discover and Chase provide free monitoring of consumer credit and provide monthly updates of noteworthy events and changes. Some go further and provide benefits such as removal of your personally identifiable information found on public sites, including data brokers. Using these services is an easy way to identify and report fraudulent activity, as well as protect against identity theft—so review this data regularly if your information has been exposed.
Enable dual-factor authentication on all of your accounts. This is a good practice in general but is especially important for anyone affected by data breaches. With dual-factor authentication, you enter your password as usual but then confirm your identity using a personal device, typically a mobile phone. This makes it harder for someone to log in to the account with a stolen password.
Along with enabling dual-factor authentication, there are a number of steps you should take in the event of a social-media breach.
First, change the password and log in with the new one. Check the login-activity page to see if anyone other than you has logged in, and then look for the option to delete all other active sessions—so every other device that is currently logged in is effectively logged out.
Also review all direct messages, posts, and comment activity on the account, and report anything suspicious. If it affects other people, let them know. Finally, pause or temporarily deactivate the account, if that is an option, to make it even tougher for hackers to get access.
Rajendran Murthy is the J. Warren McClure Research Professor of Marketing at the Rochester Institute of Technology’s Saunders College of Business.
Tech investor was one of the most outspoken supporters of Trump in Silicon Valley
President-elect Donald Trump named a Silicon Valley investor close to Elon Musk as the White House’s artificial intelligence and cryptocurrency policy chief, signaling the growing influence of tech leaders and loyalists in the new administration.
David Sacks, a former PayPal executive, will serve as the “White House A.I. & Crypto Czar,” Trump said on his social-media platform Truth Social.
“In this important role, David will guide policy for the Administration in Artificial Intelligence and Cryptocurrency, two areas critical to the future of American competitiveness,” he posted.
Musk and Vice President-elect JD Vance chimed in with congratulatory messages on X.
Sacks was one of the first vocal supporters of Trump in Silicon Valley, a region that typically leans Democratic. He hosted a fundraiser for Trump in San Francisco in June that raised more than $12 million for Trump’s campaign. Sacks often used his “All-In” podcast to broadcast his support for the Republican’s cause.
The fundraiser drew several cryptocurrency executives and tech investors. Some attendees were concerned that America could lose its competitiveness in emerging areas such as artificial intelligence because of overregulation.
Many tech leaders had hoped the next president would have a friendlier stance on cryptocurrencies, which had come under scrutiny during the Biden administration.
“What the crypto industry has been asking for more than anything else is a clear legal framework to operate under. If Trump wins, the industry will get this, and more innovation will happen in the U.S.,” Sacks posted on X in July.
The tech industry has also pressed for friendlier federal policies around AI and successfully lobbied to quash a California AI bill industry leaders said would kill innovation.
Sacks’ venture-capital firm, Craft Ventures, has invested in crypto and AI startups. Sacks himself has led investment rounds in many. He has previously invested in companies such as Slack, SpaceX, Uber and Facebook.
Sacks was the former chief operating officer of PayPal, whose founders included Musk and Peter Thiel. The group, called the “PayPal mafia,” has been front and center this election because of its financial muscle and influence in drumming up support for Trump.