Data breaches are so frequent, that it’s quite likely your email or phone number has been involved in one. It’s usually not your fault. When hackers get through a big company’s security, they may take a copy of whatever valuable account data they can. That can include your name, email, phone number, password…
Even worse, many companies don’t report their data breaches. It would be considerate of them to do so, but they often don’t want to draw attention to their failure. Some examples: Facebook had a data breach not too long ago, where 500M+ user accounts were violated, and they don’t have any plans to notify those users. Apple was compromised in 2015, and they only discussed notifying the 128M affected customers. But they dropped the ball and never reached out to their end-users.
To help you know when your account info has been leaked or stolen, use the Have I Been Pwned website. Created and maintained by a respectable Microsoft employee, HIBP is a free resource that will tell you if your info has been compromised anywhere on the web. Simply enter an email address or a phone number. HIBP will then tell you in which data breaches that info was involved.
If/when you find out where your info was violated, HIBP will recommend the use of a password management program (1Password). You can try that or stick with another method of managing passwords, it’s up to you. What’s important is that you have a system where you use a unique password for each website you log into.
And once HIBP tells you of any companies and their relevant data breaches, go to those websites and CHANGE YOUR PASSWORD! Or, if you are sure you won’t use that website again, you might look for a way to close your account there.
Lastly, you can also subscribe on the HIBP website, to receive notifications of future data breaches involving you. If your email or phone number turns up in next month’s big data breach, HIBP will shoot you an email, even if the problem fails to make the morning news.