WEBVTT

00:00:00.240 --> 00:00:07.279
so there have been plenty of reports in the news lately about large-scale data

00:00:05.279 --> 00:00:10.800
breaches caused by everything from clever hacking to poor security

00:00:09.120 --> 00:00:15.280
practices to somebody just leaving a flash drive

00:00:12.800 --> 00:00:19.920
lying around but once everyone's email addresses passwords and credit card

00:00:17.199 --> 00:00:24.240
numbers get stolen what actually happens to all that information i mean is there

00:00:21.920 --> 00:00:28.800
just like a walmart for cybercriminals where they go to buy your personal

00:00:26.000 --> 00:00:33.120
information at rollback prices and if your information is indeed part of a

00:00:30.720 --> 00:00:37.040
massive breach how do you find out what are the appropriate precautions

00:00:35.120 --> 00:00:42.000
so one thing that's helpful in understanding what happens after a data

00:00:38.960 --> 00:00:44.239
breach is to realize the sheer scope of

00:00:42.000 --> 00:00:49.920
many of them it's not uncommon for these breaches to affect tens of millions of

00:00:47.280 --> 00:00:55.280
people at once and sometimes even more so that means that it isn't particularly

00:00:52.480 --> 00:01:00.480
easy for an individual user to search through large databases of stolen

00:00:57.920 --> 00:01:06.320
information especially considering the sorts of places that information ends up

00:01:03.440 --> 00:01:11.200
oftentimes this data actually will appear on dark web markets that require

00:01:08.799 --> 00:01:14.560
special software to access them where it is indeed

00:01:12.400 --> 00:01:19.200
bought and sold by cyber criminals hoping to rack up fraudulent charges

00:01:17.200 --> 00:01:23.119
drain someone's bank account or even commit outright identity theft

00:01:21.680 --> 00:01:28.320
now you can learn more about the dark web here but it turns out that this isn't

00:01:26.320 --> 00:01:34.479
the only place where personal data can appear in fact sometimes it'll show up

00:01:30.960 --> 00:01:36.479
in a much more public pastebin site

00:01:34.479 --> 00:01:41.520
what's a pastebin site you might ask well it's kind of the digital equivalent

00:01:38.880 --> 00:01:46.640
of the inside of a bathroom stall wall they're designed for anyone to just dump

00:01:44.560 --> 00:01:51.840
a large amount of data as plain text and these things can be great

00:01:49.600 --> 00:01:56.320
for folks like coders who want others to check their code for errors or i mean

00:01:53.759 --> 00:02:01.200
just anyone who needs a place to quickly jot down a non-sensitive information

00:01:59.040 --> 00:02:06.159
in recent years though some pastebin sites have become hotbeds for stolen

00:02:03.520 --> 00:02:11.440
data procured from data breaches now some of this data is put there by

00:02:08.560 --> 00:02:16.319
hacktivists who don't seek to make much if any money off of their exploits while

00:02:14.000 --> 00:02:21.599
other leaks are partially dumped to pastebin sites by attackers as a free

00:02:19.440 --> 00:02:26.560
sample of a larger dataset that they expect to get paid for on one of the

00:02:24.080 --> 00:02:30.640
aforementioned darknet markets and while anyone can bring up data

00:02:28.720 --> 00:02:33.519
that's dumped to a paste bin it's not exactly easy for the average consumer to

00:02:32.800 --> 00:02:38.080
go hunt for their credentials one by one

00:02:36.480 --> 00:02:42.000
after they heard about the latest big data breach on the news

00:02:39.840 --> 00:02:46.400
there is good news though there are easier ways to keep tabs on your logins

00:02:44.239 --> 00:02:51.360
and passwords there are services that try to catalog dark net leaks and that

00:02:49.200 --> 00:02:56.720
automatically detect when large data dumps appear on paste bins then organize

00:02:54.080 --> 00:03:01.440
them into databases and save them even if the original data gets taken down one

00:02:59.360 --> 00:03:05.599
of the best known of these services is have i been pwned which works by having

00:03:03.599 --> 00:03:10.239
you enter your email address which it then checks against a database of

00:03:07.840 --> 00:03:15.280
billions of leaked account records to see if you've been affected by a breach

00:03:12.800 --> 00:03:19.760
have i been pwned uses a bot to monitor pastebin sites for new submissions

00:03:17.040 --> 00:03:24.080
containing credentials and passwords it offers email notifications if the site

00:03:21.840 --> 00:03:28.560
finds your info in a recent breach and it also allows users to enter their own

00:03:26.400 --> 00:03:30.879
passwords to check against the database as well

00:03:30.000 --> 00:03:35.519
which sounds like a terrible idea

00:03:33.519 --> 00:03:40.080
but don't worry have i been pwned employs an algorithm that keeps your

00:03:37.280 --> 00:03:45.040
password secure when you test them by hashing them then only sending the first

00:03:42.720 --> 00:03:48.640
five characters of the hash to a server that contains the database of known

00:03:47.120 --> 00:03:52.560
breached passwords after any matching hashes are found

00:03:50.480 --> 00:03:56.799
they're sent back to your pc which can then determine if your entire hash

00:03:54.640 --> 00:04:00.799
password is the same as any of the passwords found in the database if you

00:03:59.040 --> 00:04:03.760
don't know what a hash is by the way you can learn all about them

00:04:02.480 --> 00:04:07.680
right up here this functionality has actually also

00:04:05.599 --> 00:04:10.959
been built into some password managers which can even tell you if your

00:04:09.120 --> 00:04:15.760
credentials have been found in a recent data dump so

00:04:13.120 --> 00:04:20.720
that's cool but then what if you follow these steps and your details have been

00:04:18.000 --> 00:04:25.680
compromised well step one is to change your passwords step two is to contact

00:04:23.360 --> 00:04:29.759
your bank and credit card companies if your email was tied to those accounts

00:04:27.440 --> 00:04:33.919
and get in touch then with step three one of the major credit reporting

00:04:31.360 --> 00:04:37.360
agencies once you've contacted them you can do basic things like freezing your

00:04:35.919 --> 00:04:41.199
credit for free or if you want something a little less

00:04:39.120 --> 00:04:46.000
intrusive than having your credit frozen you can pay for credit monitoring which

00:04:43.840 --> 00:04:51.680
will send you a report when anyone tries to open a new account or apply for

00:04:48.479 --> 00:04:53.520
credit in your name and that last one

00:04:51.680 --> 00:04:57.120
i know it's kind of a pain and to be quite frank i don't want to advocate for

00:04:55.840 --> 00:05:01.120
those credit monitoring companies because i think at least some of them

00:04:58.880 --> 00:05:05.360
are a bunch of yahoos and i don't mean that in like uh yahoo the company way i

00:05:03.360 --> 00:05:08.720
just i mean they're idiots i remember being on the phone with one

00:05:06.880 --> 00:05:14.080
of them and complaining that their site doesn't support two-factor authentication even though there's a

00:05:11.520 --> 00:05:17.919
blog post on their site from like three years ago recommending that you turn

00:05:15.919 --> 00:05:21.759
two-factor authentication on for any sensitive accounts like and the guy he

00:05:19.919 --> 00:05:26.320
didn't even the guy on the phone okay low-level customer service person

00:05:23.360 --> 00:05:30.400
whatever didn't even know what 2fa was you have a lot of sense of information

00:05:28.160 --> 00:05:34.080
in there anyway it's all you can really do and it's

00:05:32.160 --> 00:05:38.800
really important in the event of a leak that you take action swiftly if your

00:05:36.560 --> 00:05:42.479
information is out there because in some cases the company responsible for the

00:05:40.639 --> 00:05:47.360
leak might cover your monitoring fees anyway and the thing is is like you

00:05:44.639 --> 00:05:51.360
never know what could come back to bite you

00:05:48.720 --> 00:05:51.360
and where

00:05:51.759 --> 00:05:57.759
and if you don't want anything to bite you check out bitdefender total security

00:05:55.360 --> 00:06:01.919
2019. their best in class security solutions for Windows mac Android and

00:06:00.000 --> 00:06:05.919
iOS have been awarded outstanding product of the year by av comparatives

00:06:04.000 --> 00:06:09.600
and they're trusted by over 500 million users worldwide that is half of a

00:06:08.639 --> 00:06:14.880
billion network threat prevention detects attacks including botnets and stops them

00:06:12.960 --> 00:06:18.639
before they begin and also prevents your sensitive information from being sent in

00:06:16.639 --> 00:06:23.280
an unencrypted format you also get ransomware protection a vpn service

00:06:20.960 --> 00:06:26.800
parental controls and autopilot a security advisor that provides

00:06:24.639 --> 00:06:30.400
contextual recommendations based on your device's usage and needs

00:06:28.639 --> 00:06:35.199
all of this is backed by comprehensive 24 7 support so check out the link below

00:06:32.800 --> 00:06:39.039
for more details as well as a special giveaway

00:06:36.880 --> 00:06:42.160
so thanks for watching guys like dislike check out our other videos leave a

00:06:40.639 --> 00:06:49.840
comment if you have a suggestion for a future fast as possible and don't forget

00:06:45.360 --> 00:06:49.840
to subscribe and ring the bell icon

00:06:50.000 --> 00:06:56.160
that's weird when you click it it doesn't ring

00:06:53.440 --> 00:06:59.840
also also they changed the bell icon so make sure you've got the bell icon on

00:06:57.840 --> 00:07:05.680
right there's off and then there's like on a bit and then there's like on all

00:07:01.680 --> 00:07:05.680
the time you want that one