We all know that, in order to keep your online accounts and data protected, you shouldn’t reuse passwords. Of course, actually sticking to that sound advice can be a bit more challenging. Moreover, if you’ve since wised up and changed your ways, accounts you may have forgotten about could still leave to trail for hackers to follow, leaving a wake of damage along the way. Admittedly, this is something I’ve recently fallen victim to.
Last month — while in Vegas, incidentally — I woke up to a different kind of Hangover. As I was about to get started working for the day, I got an e-mail from Spotify notifying me that I had changed my password. The problem? I hadn’t. Since I still had the app open on my computer, I was still able to access my account and, sure enough, saw that the e-mail address had been updated and new playlists were being assembled. Thankfully, after a chat with Spotify that included verifying that I was who I said I was, I regained control of my account. Even then, though, I was still mildly terrified, leading me to go on a password-changing spree.
As it turns out, had I been paying more attention to Credit Karma, I may have been able to save myself a bit of a scare. Although there are several features I frequently use on Credit Karma, for some reason, their (free) Identity Monitoring tools were not among them. That should change now as I’ve realized how helpful that page can be. In addition to offering a list of compromised passwords you should no longer use, it also catalogs other breaches you’ve been found in — even if it can’t say exactly what the password that was exposed was.
Given those dots to connect, I’m guessing that my Spotify incident came as a result of the Canva hack in May 2019. In other words, I had plenty of time to see this issue and take action. I should also note that this is now the second time I’ve experienced something like this after my Starbucks account was compromised as the result of my using an ancient password. Fool me once…
Take it from someone who well knows: having someone access your accounts is never a good feeling. In this case, I was actually quite lucky that more damage wasn’t done (mostly because I’m only slightly smart enough to make my banking and e-mail passwords different). So, in addition to bringing more variety to your passwords from here on out, might I also recommend checking out Credit Karma to see where your information may have been exposed? It just might save you some heartache down the road.