Like when I read 3 Billion National Public Data Records with SSNs, Addresses Dumped Online, am I supposed to access that data dump or something to see if I got pwned? Are there equivalents to haveibeenpwned.com for this type of stuff? Any guides on what to do when these happen? I feel like I’m doomscrolling or watching the news, and feeling depressed about the world as a result because I should be doing something but I can’t or it seems like I can’t.
Even though I know better than to put such personal info online, but that doesn’t eliminate the odds of them getting into breaches like these, and having started to be careful about digital privacy has opened my eyes to the sad state of privacy.
a good password manager will alert you when a site you have a password saved for has a breach.
also i’d say periodically go through your saved passwords and any that you aren’t using anymore, proactively ask the company to delete your data and close your account.
Pretty sure locally hosted pw-managers don’t do this (without plugins?) but are still good managers :D If Cloud Managers do this, doesn’t that mean that the provider knows for which sites you have accounts?
I use Bitwarden, and it only checks when I ask it to, after unlocking my vault.
A law to prohibit data collection would be nice.
The honest truth is you would have to be one of those in the woods off the grid types to actually protect yourself. For example, many utilities will require an SSN or SIN to credit check you along with obviously your name and service address. They obviously do not do that in house so they goto third parties (like the guys you mentioned) who keep troves of this information on file and swap information amongst themselves when beneficial. Considering that about half of the world’s adult age people may be in this list I would say there is more than a decent chance you are in this breach and probably have been part of others.
Also this is just one attack vector, there always exist other methods such as just paying someone with “authorization” for your data, be it a credit agency through deceit, a private investigator who does no vetting, or just bribing a government official/police officer.
After the OPM hack, i just carry on, make sure my password is changed. i use a pass manager so all my passwords are different.