1

There have been quite a lot of data breaches in the past and I wonder how the companies got to know them. Were they only finding it in the news? Did individuals inform them?

What about small data breaches, e.g. if you have a user who has an account that was hacked but the exact same (email, password) combination is used in my service. Is it possible to get to know that and thus block the user?

If you have thousands of image/document files, is it possible to have something like a google alert to get a notification if the document has been shared (e.g. by creating a hash of the file)? Are there services providing that already?

Martin Thoma
  • 3,902
  • 6
  • 30
  • 42
  • These are a lot of different questions jumbled into one. Different companies and different breaches will have different answers. – schroeder Sep 15 '20 at 15:13
  • How would you know what the 3rd party account was and what the password was? Are you aware that HIBP won't even show passwords? – schroeder Sep 15 '20 at 15:14
  • 1
    Duplicates: https://security.stackexchange.com/questions/32862/how-would-you-detect-whether-customer-data-has-been-leaked and then just about everything tagged `watermark` for your last question. Yes, there are commercial services that will scour the internet for watermarked files. – schroeder Sep 15 '20 at 15:17
  • See also: [Find leaked PDF](https://softwarerecs.stackexchange.com/q/76086/1834) – Martin Thoma Sep 16 '20 at 06:36

1 Answers1

1

There have been quite a lot of data breaches in the past and I wonder how the companies got to know them. Were they only finding it in the news? Did individuals inform them?

Depends on the person who hacked them. If its someone who does it for fun/research they may contact the company and tell them about their findings.

What about small data breaches, e.g. if you have a user who has an account that was hacked but the exact same (email, password) combination is used in my service. Is it possible to get to know that and thus block the user?

You can check that user's email on www.haveibeenpwned.com

f you have thousands of image/document files, is it possible to have something like a google alert to get a notification if the document has been shared (e.g. by creating a hash of the file)? Are there services providing that already?

Yes you can. There are services for that.

The-Kernel-Panic
  • 11
  • 1