11 Ways Your Personal Information Is Getting Hacked (And What You Can Do About It)​

These days, all our accounts are online: mobile phone, cable, satellite television, utilities, banking, credit card, media streaming, social media and more.

Most people think privacy is dead. But is it?

First of all, it depends on what you mean by privacy. There are actually three aspects to privacy: your physical location, your online activity and your personal information.

Your personal information is information that can identify you: your name, address, phone numbers, Social Security number and birthdate. Also, any details about you or your life: the names of your family and friends, your mother’s maiden name, where you went to high school or college, your first car, your pet’s name, etc.

This information can be used to gain access to your accounts or steal your identity. As such, someone can do a lot of damage if they get ahold of your personal information. These are the 11 ways your personal information is getting hacked and what you can do about it:

1. Your accounts are opted into sharing your information.

A lot of the time when you sign up for an account, the terms you agree to often have a clause that allows the company to share your information.

What can you do?

Opt out of sharing your information on all of your accounts (including credit card and cellphone accounts) by calling the company or logging into your account online and checking your account settings. This is probably the most important thing you can do to safeguard your personal information.

2. You’re providing personal information to websites.

When you sign up for an account, you will usually be asked for your name, address, phone number, email address and/or birthdate — at the least. Often, you will also be asked to set up security questions.

What can you do?

Provide false information whenever possible, including when providing answers to security questions. If your full name isn’t required, you can usually get away with giving one or two letters for your first and last name. If the site asks for your birthday, unless you are applying for credit or something where they need to do a credit check, it will probably use your birthday for account recovery. Just give a fake birthday and be sure to write it down somewhere.

When you set up security questions (such as “What is your mother’s maiden name?”), make up the answer. Just be sure to write down your answers as well in case you ever need to recover your account.

3. You’re giving out your email address or cellphone number.

Almost every account requires an email address, and a lot of them require a cellphone number as well so it can be used to send you a text message for two-factor authentication.

What can you do?

Use a service such as Abine Blur to create masked emails and phone numbers. If you start receiving spam at any of your masked email addresses — or if you start receiving unsolicited calls to a masked phone number — delete the masked email or phone number and create a new one.

You can do something similar with a Gmail account. If you have one, you can append a nontraditional alias to your email account or replace gmail.com with googlemail.com when signing up for other websites. For example, if your email address is example@gmail.com and you are signing up for an account at github.com, you could instead give them example+github@gmail.com, e.xample@gmail.com or example@googlemail.com. Unfortunately, unlike with Abine, if you decide to change your email address, you will have to change it on all of your accounts. Also, if you start getting spam at one of those email addresses, you can’t stop it.

4. You’re leaving third-party cookies enabled.

Third-party cookies from ads on the websites you visit track you as you move between websites. Advertisers place these cookies in their advertisements, allowing them to follow your movements and create a profile of you for the purposes of targeted advertising.

What can you do?

Disable and delete third-party cookies in your browser settings. You will still be able to view 99% of websites, but if you do run into a problem with any (they will tell you that your cookies need to be enabled), simply enable third-party cookies to log in and then disable them again.

5. Data broker and doxing sites.

This is where things get pretty scary. Data broker and doxing sites are websites that collect publicly available information and give it away for free and/or sell it. For example, check out familytreenow.com — a data broker site that masquerades as a genealogy website. (Before you do, though, I highly recommend you disable third-party cookies and use private browsing mode.)

What can you do?

Ask these sites to remove your information. This will take a lot of time because there are a lot of sites. You will need to find the privacy link, usually at the bottom of every website, click it and follow the instructions. If they ask for a driver’s license, make sure you black out your photo, your signature and the ID number.

The current list I have is:

List of data broker sites

6. Your credit reports.

Your credit reports are a treasure trove of personal information. The fewer people who have access to that information, the better for your privacy.

What can you do?

You have two options. Either put a credit freeze on your three credit bureau accounts (Equifax, Experian and TransUnion) or put a fraud alert on them (or do both).

You will have to contact each agency to request a freeze on your credit. This means anytime someone wants to check your credit, you will have to contact each agency to temporarily lift the freeze, either by calling or going online and giving your assigned PIN. A credit freeze does not expire.

To put a fraud alert on your credit report, contact one of the agencies and that agency will notify the other two. TransUnion is probably the easiest. When you activate a fraud alert, you will be asked for a phone number. Anytime someone checks your credit, the credit bureau will have to call you to verify it is a legitimate request. Typically, you will have to reauthorize the fraud alert every 90 days. If you use TransUnion, you can just go to their website to reauthorize it.

7. Using social accounts or Google to log in instead of creating separate logins for websites.

Recently, websites have started offering the option to log in using Facebook, Google, Amazon or other accounts. In these cases, you are giving up privacy in exchange for convenience because two websites share your information with each other.

What can you do?

For better privacy, create unique logins for every website.

8. Using your home address as your shipping address.

If you use your home address as your shipping address, you are basically giving out your home address to a lot of companies.

What can you do?

Get a P.O. Box or mail drop (like a UPS box) to give to companies as your shipping address. If you use a mail drop, you get the added bonus of not having packages left on your front porch for thieves to steal.

9. Sending personal information via email.

Whenever you send an email, it is routed to its destination via two or more servers. Every email server gets a copy of your email and its attachments.

What can you do?

The first answer is the most obvious: Don’t send personal information via email.

Instead, send it via fax or snail mail. The other option is to encrypt your email and its contents. Both you and your recipient will need to use the same secure method, such as PGP (Pretty Good Privacy) or an open source email client like ProtonMail.

10. Sending personal information via text messages/SMS.

Just like most email, text messages are unencrypted and routed via servers that get copies of your messages — unless you take precautions.

What can you do?

Again, the first option is not to send personal information via text messages. Instead, send it by fax or snail mail. The second option is you and your recipient can both use an open source encrypted messaging app, such as Signal, WhatsApp or Telegram.

11. Paying for goods or services online with a credit card.

When making a purchase online, most people use their credit card. Companies usually ask for the credit card number, security code and expiration date, as well as the name on the card, billing address and phone number. Not only can employees possibly access this information, but the company may not safeguard your information and hackers can steal it.

What can you do?

There are many alternatives to using credit cards including gift cards and digital currencies like PayPal, Android Pay, Apple Pay, Abine.com and Privacy.com. With these services, you entrust your information to one company instead of every company. Most of these services also hide your purchases from your credit card company as well.

Chris Campbell

Written By Brodie Mower

Brodie Mower has a bachelor’s degree in computer science. He has worked for many years in the IT industry and is currently a database specialist. He also has a passion for personal security, privacy and safety. As such, he has an understanding of sand boxing, password managers, masked emails, internet cookies, supercookies, VPNs, proxies, routers, MAC addresses, TOR, online data brokers, encrypting cloud services, open source software and more.