A data breach sounds like bad news for everyone, but there’s a silver lining when it comes to identity verification.
Every year sets a new record for the number of records exposed in data breaches. In 2020, the volume jumped by 141%, with 37 billion records lost.
Now, of course, this is bad news for the companies affected. Perhaps even more so for their users. It puts their accounts at risk and forces them to take preventive actions.
But we can also use that information judiciously to protect them. In fact, a data breach can actually inform processes like alternative credit scoring with the right fraud prevention tool. Let’s see how it works in practice.
What Is a Data Breach?
A data breach is an event where information that was held privately is made public. It tends to cover personal, confidential, sensitive, or hidden data that is revealed by unauthorized people. Most companies become familiar with data breaches after a fraudster, cybercriminal or bad agent steals company information and sells it or makes it available online.
The most common type of data breach tends to affect user records, which are exchanged or sold on online marketplaces. Darknet marketplaces are particularly well-suited to buy or sell data from companies – especially if those databases contain private information such as IDs, credit card numbers, bank account numbers, social security numbers, or login details.
How to Check an Email Data Breach?
It is important to learn if your personal information has been revealed due to a data breach. You can do so manually, by looking at the latest news about data breaches. The go-to place for data leaks is undoubtedly haveibeenpwned.com, the number one website to find compromised information.
At a glance, it will let you see if your email has appeared in any data breaches, which ones, and will give you background information on the leak.
There is also a step-by-step guide on how to improve your own security (usually including paid sponsorships by password managers).
It’s also worth noting that a growing number of companies, such as Firefox, allow you to check if your personal information has been compromised directly within their product. Google will also regularly send security emails if your details have appeared on online leaks.
What Happens After an Email Data Breach?
The reason data breaches happen in the first place is that criminals can resell the information on the dark web. So that’s the first thing that will happen.
You’ll come across huge data dumps, as they’re called, which are sold in bulk on shady internet forums.
These account login details are used for account takeover (ATO) attacks, or credential stuffing, where fraudsters attempt a combination of the email and password on numerous services.
As a side note, this is why using slightly customized passwords for different services can backfire. If your Gmail password is passw0rd4Gmail, it’s easy enough to infer what it will be for LinkedIn.
If fraudsters do succeed in getting in, they will mine the accounts for personal details or, ideally, currency (crypto, fiat, and even bonus points).
Now, if we switch over to the side of the company that lost the data, it will probably have to inform its users. This is especially true for European companies since the GDPR forces companies to publicly acknowledge when they’ve lost customer records.
Once the user is made aware of the leak, they tend to change their passwords – but not the email address. This is where it becomes interesting from a fraud management perspective.
How to Prevent an Email Data Breach
Preventing data breaches takes effort from your security team, IT team and every employee and executive. Training and education go a long way, and here are steps you can implement today:
- Educate employees about email security: that includes teaching everyone about how to securely open attachments, verify senders’ information, and scan for malware and viruses.
- Promote anti-phishing practices: another example where prevention is better than the cure. If you can teach everyone how to detect phishing attempts and social engineering, you’re essentially blocking access to any potential valuable data.
- Secure logins for everyone: a lot of data breaches happen after criminals log into your business using other people’s accounts. You can secure the login stage to prevent what is known as an Account Takeover, or ATO attack.
- Boost your IT security: last but not least, you should ensure you are ready to handle potential DDoS attacks, MitM attacks, Cross-Site Scripting attacks and other techniques that could leave your site at the mercy of cybercriminals.
How to Verify Users with Data Breach Checks
The good news is that data breaches can be turned into a force for good. That is, in the context of fraud prevention, where you can check if data has appeared in a breach before. Here is how it works:
Email Checks at the Signup Stage
When users sign up for your service, chances are they must provide an email address. We’ve previously covered the merits of an email analysis tool in another post, but in the context of data breaches, here’s the key takeaway:
- An email address that appears on a data breach check is likely from a legitimate user. It means the address is mature, and you may even be able to infer its age.
- An email address that doesn’t appear on a data breach check should be considered riskier. It may be freshly created, or even a throwaway.
This is a tremendous advantage in modern credit scoring, where you need to calculate how risky a user is based on as little data as possible.
You can read more about how to reduce fraud with reverse email lookup here.
Email Checks at the Login Stage
Things get even more interesting at the login stage. One way to ensure only legitimate users get into their accounts would be to keep an eye out for the latest data breach news, and manually check if their login details have been leaked.
But there’s a smarter way to automate checks: using a combination of email analysis and device fingerprinting.
Put simply, here are examples of rules you could set up:
- If the email has recently appeared on a data breach check and the user seems to connect from a new device, you should increase the risk. This very likely points to an account takeover.
- If the email has recently appeared on a data breach check and the user is connecting from a trusted device, you could suggest a password change. It’s never a bad idea to educate users about the value of their accounts to prevent later damages.
You could even go into more sophisticated setups using velocity rules, for instance. If a user’s email appears in a data breach, and the user then logs into their account and makes a password reset request within a short timeframe, does it mean they are a legitimate user worried about their account? Or an opportunistic fraudster?
Only a previously installed device fingerprinting solution will help complete the full picture to reduce customer insult rate and improve security.
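The login rules and the velocity rule above can be expressed as a small rule function. This is an added example, not code from the original article or any vendor product; the thresholds, risk weights, action names and sample events are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed thresholds and weights; the article gives no numbers.
RECENT_BREACH = timedelta(days=90)       # "recently appeared" in a breach
VELOCITY_WINDOW = timedelta(minutes=10)  # "short timeframe" after login

@dataclass(frozen=True)
class LoginEvent:
    email: str
    device_id: str                        # device fingerprint hash
    at: datetime                          # login time
    breach_seen_at: Optional[datetime]    # latest breach listing, None if never
    trusted_devices: frozenset            # fingerprints seen before on this account
    reset_requested_at: Optional[datetime] = None

def evaluate_login(ev: LoginEvent):
    """Return (risk_points, actions) for one login."""
    risk, actions = 0, []
    recent = (ev.breach_seen_at is not None
              and timedelta(0) <= ev.at - ev.breach_seen_at <= RECENT_BREACH)
    new_device = ev.device_id not in ev.trusted_devices
    quick_reset = (ev.reset_requested_at is not None
                   and timedelta(0) <= ev.reset_requested_at - ev.at <= VELOCITY_WINDOW)
    if recent and new_device:
        risk += 50                        # likely account takeover
        actions.append("step_up_auth")
    elif recent:
        actions.append("suggest_password_change")
    if recent and quick_reset:
        # Velocity rule: the fingerprint decides how to read the same sequence.
        if new_device:
            risk += 30
            actions.append("hold_password_reset")
        else:
            actions.append("allow_password_reset")
    return risk, actions

# Constructed sample data.
NOW = datetime(2024, 1, 15, 12, 0)
BASE = dict(email="user@example.com", at=NOW,
            breach_seen_at=NOW - timedelta(days=7),
            trusted_devices=frozenset({"fp-laptop"}))
SAMPLES = {
    "new_device": LoginEvent(device_id="fp-unknown", **BASE),
    "trusted": LoginEvent(device_id="fp-laptop", **BASE),
    "new_device_reset": LoginEvent(device_id="fp-unknown",
                                   reset_requested_at=NOW + timedelta(minutes=3), **BASE),
}
```

The same breach-then-reset sequence yields a held reset on an unknown fingerprint and an allowed reset on a trusted one, which is how the fingerprint keeps legitimate users from being blocked.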
In conclusion, you can see how checking for a data breach can be a boon for fraud managers. It may seem counterintuitive, but sometimes, the work of cybercriminals can actually be employed against them.
Of course, this is just one weapon in your email profiling arsenal. You’ll also need to complete the picture using every tool at your disposal, such as IP analysis, device fingerprinting, and ideally custom rules specific to your industry.
Yes. You can go to a website such as HaveIBeenPwned and type in your email address. The system will check all the latest data breaches to let you know if your information has been compromised.
Yes. You can do unlimited manual checks for free. However, if you want to do batch checks or to connect to their API, you will need a paid account.
Yes. You may receive an email alerting you that your information has been found on a data breach.
It means you are vulnerable to an account takeover attack, where someone logs into your account illegally. The best thing to do is to regularly change your passwords – especially if your data has been leaked online.
No. But a phishing email could lead to a data breach. Fraudsters use phishing emails to gather information about people, including company employees and those with access to business data. If they can impersonate them through social engineering, it is very likely that it will result in a data breach.