ASK ST: YOU ASK. WE ANSWER.

Tips to protect your online accounts after a data breach

Over the weekend, Internet users were alerted to two massive data breaches involving their personal details including names, e-mail addresses and phone numbers.

Specifically, data from 2.8 million accounts of restaurant reservation platform Eatigo - including 400,000 belonging to users in Singapore - was put up for sale on an online forum. Additional information such as encrypted passwords and partial credit card numbers from 1.1 million RedMart user accounts was also advertised.

Here are ways to protect your online accounts after a data breach:

1. Change passwords

As a security measure, users should change their passwords in the app or on the website - whether the service provider has taken the default action of logging all affected users out of their accounts or not.

Also, do not use the same e-mail and password combination across online platforms as it will be easy for crooks to hack into the other accounts as well.

RedMart and Eatigo's breaches follow similar ones involving gaming hardware maker Razer and ride-hailing operator Grab that were made public in September.

2. Guard against phishing

Phishing is a mechanism whereby hackers pretend to be someone familiar or reputable and fool people into revealing sensitive information such as passwords.

For instance, hackers could pose as Lazada or Eatigo, using information harvested including users' names, e-mail addresses and purchase details to invite unsuspecting victims to click on embedded links to reset their passwords or verify their accounts.

Do not click on embedded links or reply to these e-mails. If in doubt, visit the website (by entering the URL of the site) to reset passwords directly, or do so via the app.

Clicking on embedded links would take users to rogue sites where hackers can harvest any sensitive information entered.

The threat of phishing shows no sign of going away. According to the Cyber Security Agency of Singapore, there were 47,500 cases of phishing in Singapore last year, a threefold increase from 2018.

3. Turn on 2FA

Whenever possible, turn on two-factor authentication (2FA), which requires one to enter a one-time password generated by a security token or delivered by SMS to log in or to stay logged in to an account. Most online platforms including Gmail have rolled out 2FA features.

A version of this article appeared in the print edition of The Straits Times on November 03, 2020, with the headline 'Tips to protect your online accounts after a data breach'. Print Edition | Subscribe