Shortly after joining the PCMag team in 2021, I started receiving weird emails. They weren't from readers or Twitter reply guys,;p as I expected. Instead, they were from Instagram, informing me that people in Brazil, China, or Iran were trying to access my long-dormant account. The warnings prompted me to log in, change my password, store it in a password manager, and enable multi-factor authentication on my account. The process took less than five minutes from start to finish, and I even decided to start posting and interacting on Instagram again.
So what happened? After entering my email address into the form on the Have I Been Pwned website, I determined my information surfaced as part of a data breach, and because I'd reused my Instagram password for another account on the web, my Instagram account was ripe for a takeover by a stranger. That weekend, I went through all my online accounts, changed the passwords, stored them in a password manager, and enabled multi-factor authentication.
Data Breach Statistics
It's tough to keep your information private these days. As PCMag Editor Jason Cohen reports, people in the United States experienced the most database breaches in 2021, with 214.4 million accounts affected. Let's look at the bigger picture and consider that globally: 955.8 million accounts were affected by data breaches in the first 11 months of 2021.
How to Secure Your Information
So what can be done about it? The worst you can do is nothing, which is the course of action (or rather inaction) that about 16% of people choose after learning of a data breach, according to one survey.
Instead, use a password manager to create and store unique and strong login credentials for sites all around the web. The best password managers require a strong master password, and the password manager can even help you generate a strong master password that's long and has different character types. Your only job is to remember that one master password.
Using multi-factor authentication is also the right idea in the age of daily data breaches. In addition to using a password manager, enable multi-factor authentication on your accounts wherever possible using either an authenticator app on your phone or a hardware security key. Try to avoid SMS authentication, as it has proven in the past to be a less-secure authentication method.
Even with preventative care, hacks occur. PCMag lead security analyst Neil J. Rubenking put together a short guide on how to handle a hack and get your life back on track fast.
Like what you're reading? You'll love it delivered to your inbox weekly. Sign up for the SecurityWatch newsletterSign up for the SecurityWatch newsletter.
The Top Sites Collecting Your Personal Data
You should be flattered—the world's biggest brands want to know all about you. In some cases, many of them already own an extraordinary amount of your personal information. Facebook, for example, knows your race, religious beliefs, hobbies, preferred phone or mobile device type, and even your current location. According to PCMag features editor Eric Griffith, social networks, online stores, and even streaming services collect lots of information about you.
In many cases, you hand over your banking details when you sign up for Tinder or Netflix. Other services collect information about you over time via cookies that follow where you visit online and what you buy online.
It's no surprise that Facebook tops the list, as many people willingly share plenty of information about themselves on the social platform. In contrast, Pornhub (which ranks 48th on an extended version of the same chart shown above) collects very little information about its users, just noting, ahem, "Interests" and the type of device used to access the site. Pornhub doesn't even want your email address, unlike just about every other service on the chart.
Take a look at the full report on Clario's website.
What Else is Happening in the Security World This Week?
Stop Trackers Dead: The Best Private Browsers for 2022. Online marketers mine your data and target you for sales. Foil their efforts with these secure browsers' tracking protection and privacy features.
LastPass Says 'Credential Stuffing' Warnings Sent in Error. The company originally believed a credential stuffing attack was targeting its users, but it now says recent security alerts "were likely triggered in error.
'DoorLock' Vulnerability Can Force iOS Devices to Endlessly Reboot. A flaw in Apple's HomeKit can be exploited to force iOS devices into endless reboot cycles.
The Best Parental Control Apps for Your Phone in 2022. If you want to keep your kids safe online, you need a parental control solution that monitors all their devices. These apps are the top cross-platform performers in our testing.
The Best Free Antivirus Protection for 2022. Microsoft Defender is improving, but you still shouldn't rely on it by itself. That doesn’t mean you have to pay extra, though. We’ve tested the top free antivirus apps so you can protect your PC for free.