Have you been pwned? – Bag of Tricks

Pwned. Yup, it is a word, not a typo. It is a word from an informal language used on the internet called “leetspeak.” Another example of leet is when a 3 is used instead of an E; “leet” becomes “l33t.” “Pwn” is derived from the verb “own,” meaning to appropriate or to conquer to gain ownership. If you have been “pwned,” you have been “owned.” If you’re a victim of a data breach, you’ve been pwned.

A “breach” is an incident where data is inadvertently exposed in a vulnerable system, usually due to insufficient access controls or security weaknesses in the software.

While big data breaches are often reported in the news, smaller ones often are not. The International Data Corporation predicts that a quarter of the world’s population will have been affected by a data breach by 2020.

There’s not a whole lot you can do to protect yourself from a data breach. These days, your personal information is out there somewhere, and probably on plenty of different platforms. No company is 100% secure from a breach. So, that one website where you had to make an account to get that free download of those templates for your newsletter…what happens if they have a data breach and the hackers get your information? And how would you find out it was hacked?

There’s a site called haveibeenpwned.com (HIBP) that will help you determine if you have an account that has been compromised in a data breach. The site searches all the places hackers use to post and sell information. HIBP aggregates breaches and enables people to assess where their personal data has been exposed. If you sign up on HIBP and they find your email address, they notify you.

Sure, someone having information like your name and email address might not seem as harmful as someone having your Social Security Number or credit card information. Even phone books (you know, the old school white pages) printed your name, address, and phone number. To some extent, basic info about you is already available on the internet. Your name typed into a search engine can yield data useful to online marketers and nosy neighbors, but probably not enough to cause serious trouble.

But any data breach can leave you at risk of identity theft if the hackers want to use that information against you. A breach doesn’t automatically mean your identity has been stolen. There are a few things you can do to avoid identity theft.

  1. Don’t use the same password for different sites. I know, it is nice to have an easy-to-remember password, but there are other ways to deal with that. Use a password manager (like LastPass) if you need to, but don’t use the same password for multiple sites. Just don’t.
  2. If an online account has been compromised, change the password on that account right away. If you have the same password for other sites, change them (and see #1 above) and use unique passwords.
  3. If a payment-card number has been stolen, contact the bank or organization that issued the card immediately. Speak to a live human representative. Explain that your account is at risk of fraud, and ask the card issuer to alert you if it detects suspicious activity on your account. The bank will almost certainly cancel the card and issue you a new one straight away.
  4. Contact the major consumer credit-reporting bureaus and ask each to place a fraud alert (credit alert) on your name. This way, if anyone tries to steal your financial identity — for example, by trying to open a credit-card account in your name — you’ll know. (You’ll also learn when anyone tries to look up your credit.)

As we have talked about before in the Bag of Tricks series, having resources at your fingertips and a basic familiarity with technology can come in very handy for better serving patrons and can also give you a bit more confidence. A Bag of Tricks is a virtual toolkit that you create to help familiarize yourself with new technology and websites that you or your patrons might find handy. Here’s an example of a Bag of Tricks that you can use as a jumping-off point for creating your own: https://padlet.com/kieran/CSLSHAREANDLEARN. You might consider investigating identity theft and security in depth and creating a whole bag of tricks on this subject to help your patrons.


Kieran Hixon