Around two percent of people who shop online in Germany are affected by the current data gap in internet shopping portals. This is what online shop expert Mark Steier reports in “Zervakis & Opdenhövel. Live”.
Huge security hole in online stores
The problem: Consumers often don’t even know that their data is freely accessible to third parties on the Internet.
Because although the vulnerability has been known for a long time by computer security experts and state data protection delegates and has been reported in some media, so far no information or notice has been given to those affected.
Mark Steier has therefore provided a service on his website with which users can easily check whether their personal data has been spied on.
Online verification: Has my data been stolen?
In a nutshell, the tool searches the unsecured store data for the requested information.
Here is the website with the fact check:
However, the first name, last name, and postal code are not transmitted directly to the server, which would present a new security risk. Instead, a checksum calculated from the information is transmitted and does not need to be decrypted.
If the program finds the information, a warning is displayed; otherwise, everything is clear: “Your data was not found in the leak.”
Check your own data: More security controls on the web
In addition to blogger Mark Steier’s offering, which deals specifically with the current security gap in online marketplaces, there are other fact checks for consumers on the Internet.
the Identity Leak Checker of the Hasso Plattner Institute checks whether an email address can be openly found together with other personal data in known Internet databases, which would allow data misuse.
also the gate Have I been Pwned? (roughly translated: “Did I get caught?”) scans the data logs of known security breaches on demand.
What to do if the data has been stolen?
If users find their personal information in a leaked dataset, they should take immediate action.
From now on, those affected will have to monitor their money accounts and email boxes and be on the lookout for unexpected transactions.
Most important step: change the passwords of the affected email addresses. If necessary, the access data for online shops and similar services should also be changed.
It is essential to always use a different password for each service or provider you use. It should always be a strong password.
These are the criteria for a strong password
- at least 8 digits
- Use all available characters, i.e. upper and lower case letters, numbers and special characters
- no names, no idioms, no stars and marks, no dates of birth
- password must not be a dictionary term
Introvert. Beer guru. Communicator. Travel fanatic. Web advocate. Certified alcohol geek. Tv buff. Subtly charming internet aficionado.
