Your personal data’s been stolen, but you often won’t learn about it until long after Facebook, Equifax, Marriott, Yahoo, DoorDash or some other company you’ve trusted with your information notifies you that your birthday, Social Security or credit card number, health records or some other piece of personal information has been exposed in a data breach.
With your stolen information, hackers can do everything from making purchases and opening up credit accounts in your name to filing for your tax refunds and making medical claims, all posing as “you.” What’s worse, billions of these hacked login credentials are available on the dark web, neatly packaged for hackers to easily download for free.
All the latest tech news delivered to your inbox. It’s FREE!
Get more out of your tech
Learn smart gadget and internet tips and tricks with CNET’s How To newsletter.
You can’t stop sites getting hacked, but you can take a few steps to limit the damage done from the breach. If you use a password manager that creates unique passwords, you can ensure that if one site gets breached, your stolen password won’t give hackers access to your accounts on other sites. (A good password manager can help you manage all your login information, making it easy to create and then use unique passwords.)
Now playing: Watch this:
Are your login credentials on the dark web? Find out…
But after a hack, a couple of monitoring tools can alert you to which of your stolen credentials are out in the wild on the dark web, giving you a running start at limiting the damage the thieves can do. Here’s how to use two free monitoring tools — Mozilla’sFirefox Monitor and Google’s Password Checkup — to see which see which of your email and passwords are compromised so you can take action.
How to use Mozilla’s Firefox Monitor
Mozilla’s free Firefox Monitor service helps you track which of your email addresses have been part of known data breaches.
2. Enter an email address and tap Check for Breaches. If the email was part of a known breach since 2007, Monitor will show you which hack it was part of and what else may have been exposed.
3. Below a breach, tap More about this breach to see what steps Mozilla recommends, such as updating your password.
You can also sign up to have Monitor notify you if your email is involved in a future data breach. Monitor scans your email address against those found data breaches and alerts you if you were involved.
3. Tap Sign in to see a breach summary for your email.
4. At the bottom of the page, you can add additional email addresses to monitor. Mozilla will then send you an email at each address you add with a subject line “Firefox Monitor found your info in these breaches” when it finds that email address involved in a breach, along with instructions about what to do about following the breach.
How to use Google’s Password Checkup
As part of its password manager service, Google offers the Password Checkup tool, which monitors usernames and passwords you use to sign into sites outside of Google’s domain and notifies you if those login credentials have been exposed. (You may remember Password Checkup when it was a Chrome extension you had to add separately to Google’s browser. This is the same tool folded into Google’s password manager.)
1. If you use Google’s password service to keep track of your login credentials in Chrome or Android, head to Google’s password manager site and tap Check passwords.
2. Tap Check passwords again to verify it’s you.
3. Enter the password for your Google account.
4. After thinking for a bit, Google will display any issues it’s found, including compromised, reused and weak passwords.
5. Next to each reused or weak password is a Change password button you can tap to pick a more secure one.
How else to watch for fraud
Besides the tools from Mozilla and Google, you can take a few additional steps to watch for fraud.