A 33-year-old Seattle woman named Paige Thompson allegedly exploited a vulnerability in Capital One’s online databases to steal the credit card codes of millions of customers, according to the FBI. Capital One learned of the violation on July 17, 2019, when a security researcher sent an email reporting that the company’s private information had been disclosed on a GitHub page, which the FBI claims was registered by Thompson. The vulnerability was related to an incorrect firewall configuration. According to the FBI, the manager installed a server in an unnamed cloud computing company to take advantage of the flaw. He then sent commands to Capital One’s databases starting in March to steal login credentials and access over 700 corporate folders. A copy of all the data was then created and saved in the following weeks.
When a criminal hacking team gains access to your personal information, they typically try to monetize that unauthorized access as accurately and as quickly as possible. What can you do when you realize you’ve been hacked?
HOW WILL YOU KNOW?
When a serious hack occurs, the news will cover it. If you suspect you might be a victim, check the news and the company website. Be aware that your antivirus doesn’t offer any protection against a security breach that occurs on a remote server. One of the first signs of a hack is unexpected charges on your bank account. Always read your credit card bills so that you understand each purchase, even the ones for minimal amounts. Card thieves occasionally make a few small purchases to make sure the card works before making a large purchase. You can use a personal financial service, such as Mint.com, to keep an eye on all account transactions from one place. If you are lucky, your bank will detect the fraudulent activity, refuse the charges and issue a new card. An identity thief can also use your personal information to open credit accounts, or to create fake email accounts that send spam or scams to your contacts.
WHAT HAPPENS NEXT?
Credit card compromise is actually the easiest hack to fix. You are not responsible for fraudulent charges, and once the bank has issued a new card the problem is solved. Regaining control of a compromised email account can be more difficult. You will need to contact the email provider and prove that you are the true account holder. Of course, if the hacker changes the password, you’ll have to use an alternate email account. If you used that same password on other sites, those accounts may now be compromised as well. Even if you haven’t used the same password, you may still have problems. Think about it: if you forget a website password, what do you do? You click to receive a password reset link sent to your email address. A smart hacker who has control over the mail account will quickly search for other accounts: social media, perhaps, or worse, shopping and bank accounts. A password manager will be of great help.
WHAT TO DO IN THE EVENT OF IDENTITY THEFT?
Complete identity theft can be a nightmare. Victims can spend thousands over the course of weeks and months in an attempt to recover their identities online and regain control. The Federal Trade Commission offers excellent resources to help victims. Among other things, they suggest ordering credit reports so you can see what happened and filing an official identity theft report with the FTC. They also have checklists with helpful reminders.
HOW CAN YOU PROTECT YOURSELF FROM HACKERS?
Since the Equifax hack you’ve probably seen numerous articles urging you to freeze your credit, set up a fraud alert (which means you’ll need to follow additional verification steps to open a new account) and so on. Before proceeding, reflect on whether all of these make sense for your situation. In the Equifax case, the real break-in occurred months before its discovery.
As for credit cards, there isn’t much you can do, besides avoiding shopping at shady retailers, in the real world or online. New generation credit cards now fully protect transactions in person, but cannot help with online transactions. Payment systems based on mobile devices, such as Apple Pay and Android Pay, are actually safer than physical credit cards. Each transaction uses a unique number, so hackers get nothing by stealing existing transaction data. You can also use the mobile payment system for online purchases. Protect your mobile device with a fingerprint or secure access code and don’t leave it unattended.
Use a strong password and a different one for each account or website (use a password manager to help). On some sites, you can request a password reset by answering a few simple security questions. The problem is that, in most cases, scammers can search Google for the answers to these questions. If you are allowed to write your own security questions, choose very specific ones. If this is not available, use false answers that you will remember.
As for protection from large-scale identity theft, there are a few things you can do: never fill in any information on web forms unless it is absolutely necessary, shred your paper invoices and sensitive documents, examine bank statements for suspicious charges and install powerful security software on your devices.