We’re here to help you with your data security. Thanks to our switched-on, security conscious user base, we’re often asked about exactly how we handle all the data we comb through.
Keeping track of how organisations process and store your data is great security practice, and we’re more than happy to answer your queries on this matter. We hope this article will clear up a few misconceptions!
##Q: Why can’t you tell me the exact source of every data breach?##
While we’re always looking out for headline-grabbing breaches to major tech players like Google, these breaches are not your main threat when it comes to account security.
Most often, it’s the far less flashy – yet steady – stream of breaches coming from smaller, older websites with poor security. Some of your accounts might be so old that you’ve even forgotten you made them!
However, many people continue to reuse the same password for years across services, and if one of your older accounts is compromised… well, you can probably see the problem!
So, why can’t we always pinpoint exactly which site has been the victim of a breach? Put simply, when hackers post these smaller leaks, they often stitch them together into a single, giant file with accounts from potentially hundreds or thousands of different, smaller sources.
The source of each account listed in these files is almost always stripped out; appearing as a simple e-mail and password combination. This is most likely due to the hacker(s) wishes to avoid being traced.
When we find these breaches, we tag them as ‘Various (Hacker Database)’. Unfortunately, for the reasons we mentioned above, it’s practically impossible to give you more information – so we recommend changing as many of your passwords as you can when these leaks occur.
##Q: How can I trust BreachAlarm to store my passwords?## We never store your password for any service. The only one we keep is your login to your BreachAlarm account – and we store that as an encrypted hash, so not even we can access it!
##Q: Ok, so you don’t store my passwords. But I bet you’re storing other data!## Nope! We don’t collect or store any of your account data, nor any information linking you to any breach.
After you’re notified of a compromise, your email address is removed from the breach before it is stored. All breach data is stored anonymised and encrypted for the sole purpose of generating statistics.
We hope this cleared up a few of the most common questions about how we work. If you need anything else cleared up, take a look at our full FAQ, or simply drop us a line!