How To Protect Your Personal Information Online

Do Hackers Have Access To Your Personal Data?

Chances are, at least some of your personal information is online somewhere — whether compromised in a recent data leak, exposed on the Dark Web, or shared in data broker profiles. 

While these privacy breaches might just reflect an unfortunate aspect of our modern-day digital lives, having too much personal information online can put you at serious risk of scams, spam, and even identity theft. 

The best steps you can take to protect your online privacy are to:

• Secure your accounts and devices with strong and unique passwords and two-factor authentication (2FA). 
• Share less information to minimize the damage of future data breaches.
• Make it harder for hackers to connect the dots whenever possible by using fake information, email aliases, and other techniques.

But securing your personal data is only one step. It’s also important to know what information is readily available online so that you can protect yourself and your family from further damage.

{{show-toc}} 

How To Find Out What Hackers Already Know About You

If you use the internet or online services, it’s likely that personal details including your name, birth date, location, education and employment history — and potentially even your bank account details — can be found online. 

If you’re curious about what information is contained in your digital footprint, you can use Aura’s free scanner to learn what hackers know about you already.

{{hacker-view-widget}}

Even if your information is already online, knowing what information is available can help you take appropriate steps to secure your accounts, update settings, and protect your privacy. 

12 Ways To Keep Your Personal Information Safe Online

Keeping your personal information secure online requires a combination of good cyber hygiene practices — as well as actively removing data that has been leaked so that you can limit what people are able to find out about you. 

1. Secure your online accounts with strong passwords

Password-protected accounts, such as your email or social media accounts, often contain your most sensitive personal information. Make sure these are secured with strong, unique, and complex passwords. 

At a minimum, ensure that you’re using different passwords for every account. If you reuse passwords, it only takes one correct guess (or leaked password) to unlock access to all of your private accounts.

🤔 Pro tip: A secure password manager can help you create, store, and easily access complex and unique passwords. All you need to do is enter your master password to log in to any account. Aura’s password manager (which is included on all Aura plans) can even warn you about leaked or weak passwords.

2. Enable two-factor authentication whenever possible

Two-factor authentication (2FA) adds an extra layer of security to your accounts by requiring a one-time-use code or biometrics (such as a fingerprint or facial scan) along with your password to gain access to your accounts.

While 2FA is a powerful security measure, not all forms of 2FA are totally secure. 

Most people opt for the easiest — which is to receive a code on their phones via SMS. However, these codes can be intercepted if you become the victim of a SIM swap scam. Instead, try to opt for an authenticator app, such as Google Authenticator, Okta, or Authy. 

📚 Related: What To Do If You Were Hacked (Recover Hacked Accounts) →

3. Make sure devices and apps are up to date

Outdated apps, operating systems, and devices can contain security vulnerabilities that hackers exploit to gain access to your private information. This can include weak encryption or firewalls, outdated third-party APIs, and buggy microphones or cameras. 

Keeping your devices up to date ensures that you have the latest security patches in place — and aren’t making it easy for hackers to access your devices.  

4. Delete old or unused apps, browser extensions, and accounts 

Old sites and apps are appealing targets for scammers, as these may have weak security protocols in place — and victims will be less likely to notice a hack or leak. 

For example: 

• Old browser extensions can reveal your search history.
• Old apps can connect scammers to linked accounts.
• Old accounts can contain information that helps scammers predict answers to your security questions (or impersonate you online).

Uninstall these apps, and get rid of old accounts. If you don’t see a way to close an account, reach out to the company’s support team and request that they delete your account and data.

5. Regularly back up your data to a secure location

Last year, one out of every 10 cyber attacks around the world involved ransomware [*]. This type of malware allows hackers to steal your personal information and then threaten to delete it unless you pay a ransom. 

Whether you’re worried about viruses, crashes, or other threats, it is always a good habit to keep regular, secure backups of your data. Even if your laptop or mobile device gets hacked, you can perform a factory reset and not worry about losing your personal information. 

While there are cloud services that can securely back up your data, consider using physical hard drives to store more sensitive information. 

6. Tighten your social media privacy settings

Publicly available information contained in your social media accounts can show criminals, stalkers, and anyone else where (and with whom) you spend your time, as well as what activities you enjoy. 

While you may not want to fully lock down your profile, you should tighten your social media privacy settings:

• Set your account to private so that only people known to you can see your activity and contact information.
• Disable location sharing to enhance your physical protection. Criminals won’t see where you live or places to which you may be traveling if, for instance, you post vacation photos.
• Go through your friend list and remove any connections to people you don’t know and suspicious-looking accounts that may be stealing your personal data or photos.
• Review the site’s data policy to see what data they are collecting (or even selling) to other companies. Remove any unnecessary information in your profile, or replace it with fake phone numbers and email addresses.

📚 Related: How Can Someone Track My Location (and How To Stop Them) →

7. Use fake information when signing up for non-essential accounts

When signing up for free trials, newsletters, one-time downloads, or even online services, you don’t have to disclose all of your real information. In fact, the less information you have online, the harder it is for identity thieves to patch together robust files on your identity.

Another best practice is to choose the “guest” option when checking out of an e-commerce store. This way, your email address, shipping address, and credit card or financial information won’t be stored in a database that could one day be breached.

🤔 Pro tip: Using fake information can spare you from receiving spam. Fake data makes it more difficult for advertisers to build an accurate profile of your location, habits, and preferences.

8. Take advantage of email aliases or secondary accounts

Using burner email addresses and accounts to register for promotions or sweepstakes protects the real accounts that you use each day. If cybercriminals penetrate a throwaway email account, they’ll get access to a bunch of spam emails — not the important ones.

Plus, websites often use your email address as a unique identifier to link data across platforms. Using aliases or secondary accounts makes it harder for third parties to build a comprehensive profile of you, which could be leaked or sold to not-so-trustworthy buyers.

📚 Related: How To Stop Spam Emails Right Now →

9. Remove your personal information from data broker lists

Data brokers (also known as “people search sites”) collect large banks of personal data by scraping public records and websites. These detailed profiles can store anything from basic demographic information to health records.

Data brokers sell this information to legitimate companies. But sometimes data ends up in the wrong hands, leading to an impersonation scam or identity theft. Removing your information from data broker lists can help you avoid identity theft (and limit the telemarketing calls that you get) — but it’s a painfully slow, manual process.

10. Request that your contact details be removed from Google search results

Over time, public-facing sites and search engines collect your home address, phone number, and/or email address. This means any of those data points could show up in a Google search.

Luckily, Google allows you to request that your contact and personal information not show up in search results:

• Type your name and location into Google search.
• When you find a website sharing this data, click on the three dots above the link.
• Select Remove result, and then: It shows my personal contact info.
• Run through the reporting flow, and submit your request.
• You can monitor the status of your request in the “Results about you” page.

⚠️ Note: This won’t actually remove your personal information from the offending website. Instead, your data just won’t be shown in Google search results. To have the information completely removed, you need to contact the website owner directly. 

11. Don’t click on suspicious links in emails, text messages, or DMs

Scammers use phishing links to trick you into entering your personal information on fake websites (or accidentally downloading malware to your device). 

If you’re not familiar with the person sending you a link, do not click on it. Even if a message comes from someone familiar, hover over the link on your computer to see where it’s taking you — a fraudster may be trying to entrap you in a phishing scam. 

If you think you might be on a fake website, pause before entering information — especially sensitive data like your Social Security number (SSN) or credit card details — and check for signs of a scam: 

• Review the URL. Make sure you’re on an official website and not a look-alike domain. For example, beware of sites that use familiar or similar names as part of a longer URL — such as “Airbnb-support-services.com” or “faceb0ok.com.”  
• Check the domain age. Paste the URL in a Whois domain lookup. These sites show how long a domain has existed and who owns it. If it was recently registered, or most of the registrant details are hidden, consider these red flags.
• Look for signs of inauthenticity. Stay away from sites with odd copy, stretched-out logos, slow loading speed, or branding colors that don’t match a known brand.

12. Browse with a VPN to hide your activity and history

Using a virtual private network (VPN) is another way to keep your personal data safe online. When active, a VPN encrypts your data as you browse the web, so that no one — including hackers or your internet service provider — can see where you go online, what you do, or any of the information that you submit. 

A VPN is especially useful if you’re using public Wi-Fi. Most public Wi-Fi networks are unencrypted, allowing attackers to intercept login credentials for important sites like your online banking account. But if you’re using a VPN, scammers won’t be able to see what you’re doing or steal your personal information. 

What To Do If Your Personal Data Is Leaked

It’s almost impossible to completely secure your personal information online; but with a few steps — and the right tools — you can protect yourself against scammers. If your sensitive information has been leaked (especially your SSN or financial details), you should:

• Freeze your credit with all three bureaus (Experian, Equifax, and TransUnion). A freeze prevents anyone (including scammers) from accessing your credit reports and applying for credit in your name. When you contact each bureau, you’ll need to confirm your identity to initiate a freeze. The bureaus will each give you a PIN that you can use to unfreeze your credit file as needed.
• File an identity theft report with the Federal Trade Commission (FTC). Upon submission, you’ll receive an official identity theft report that you can use to dispute fraudulent charges, as well as a personalized identity recovery plan. Head to IdentityTheft.gov, explain your situation in detail, and then upload receipts, bank statements, and other evidence to support your case. 
• Update compromised passwords and accounts. If you’ve reused any passwords, or even parts of passwords — like a name or series of numbers — fraudsters can use that information to conduct credential stuffing attacks and gain access to your other accounts.
• Scan your devices for malware. Fraudsters can steal your information via spyware, adware, or viruses. An antivirus scan can help to identify and remove malware before it exposes more of your information or spreads to other devices.

While you can take steps to protect your personal information online, cybersecurity tools like Aura do the hard work for you. 

Aura combines award-winning identity and credit protection features with advanced digital security tools for all of your devices. Not only will you get antivirus software, a secure VPN, password manager, round-the-clock Dark Web monitoring, and data breach alerts — you’ll also have access to 24/7 support from Aura’s U.S.-based team of certified Fraud Resolution Specialists.