How can we help you?

A data leak occurs when private data is exposed and/or made public on the internet. These sensitive data are various: e-mail, names, phone numbers, passwords, etc. It often happens that sites, to which you have entrusted your data, are not very secure and spread their information. This information, when it ends up in the hands of cybercriminals, is used to hack other targets.

It depends on the nature of the leaked data and what it allows access to. An email/password combination or a credit card number can lead to a compromised mailbox and much more.

The password is not normally stored directly. It is stored in the form of a "hash" which is a "hidden" form of the password. This hash is a sequence of numbers and letters that is unique to each password. This means that the mathematical operation that generates the hash will always answer the same sequence of characters for a given word. When you register for a website, you usually enter an email address and a password. Your password is then "hashed" and stored in the website's database. At a later connection, you enter your password, it is "hashed" and the string is compared to the one in the database. If they are identical, the same 2 passwords have been entered, you can connect.

Hash is not encryption in itself. It allows first protection, but it is generally a question of time before the hash is deduced. Indeed, hackers use dictionaries on which they apply hash algorithms and compare with the hash of the stolen database. These are sold on various platforms and feed an ecosystem linked to cybercrime.

A data leak has many different origins and is not necessarily the result of malicious intent. The main sources are the theft of a database from a corrupted site, an unintentional exposure of a database of a major operator in its sector, a ransomware attack on a structure containing sensitive data.

Not all data is of direct interest to any cybercriminal. There are "specialities" and each one requires a certain specific knowledge of an efficient exploitation. The most common ones are those that allow getting money quickly: credit cards, mailboxes that allow the pivot to other sites, social network accounts, etc. Each of these techniques is more or less the same. Each of these techniques is more or less random and requires more or less information. Some of them allow quick access to a network, others to collect money directly (direct exploitation or resale of the information). These data generally form databases because they are centralized, which reduces the attack surface. When they are compromised and disseminated, the consequences are more or less catastrophic, depending on their content.

A good password should be for a single service. For example, the password for your access to a particular site should be different from other passwords you use. It should contain a minimum of 12 characters containing numbers, upper/lower case letters and special characters. The characters must not be close to any known words in your language or any other language. They should not say anything about you (prefer a random number rather than a birth year). Use double authentication where possible. Do not store your passwords on the computer in a text file.

First of all, check that you still have access. Change the password quickly if possible and contact your IT department. Ask yourself if this email address has been used on other important sites and check that they are not registered with the same password. Contact professionals if you have any doubts.

We cannot offer complete protection against data leakage. We can only advise you as best we can and alert you when necessary. This is an audit, advice and warning service.