Here is something you need to do at least every few months or so. Go to this website:
Enter in your email address and click the PWND button. The search result will let you know if your email address was involved in any of the hacks, breaches, breaks, whatever from any of the online sites that report it.
If you get results, then go to the site(s) listed and change your password.
I now view all my email on my phone and online. I no longer download it. I was checking the spam folder of one of my accounts and saw I had sent myself an email. Usually this is a spoof or whatever but this one had the subject line that included an old password. And three of my websites have been hit with big login attacks. Added together, I took the safe road and with my webhost who confirmed it is a spam.
In addition to telling me to check out the pwnd site, they directed me to this article:
It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.
I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords — and perhaps other personal data that can be found online — to convince people that the hacking threat is real. That’s because there are a number of shady password lookup services online that index billions of usernames (i.e. email addresses) and passwords stolen in some of the biggest data breaches to date.
For the record, I don’t visit porn sites, I don’t have a webcam (that works), and lawd help them if they record me sitting here (if they could, that is). What I do have is a cool program called 1Password. It not only keeps track of them for me, it creates new passwords, lets me know if there are any too similar, and some other cool stuff. LastPass and Dashlane are two others. I found Dashlane to be rather intrusive in what it wanted to install on my computer, though. Do a Google search for ‘password manager’ and check them out. PCMag has a good review article as does CNET.
So, go to the Have I Been Pwned site, check your passwords, and put a piece of tape over your webcam.
*For those who don’t know, pwned is gamer shorthand for “pawned” and means to be really beaten (paper airplane meets flame kind of beaten).