In mid-March, a Reddit user asked if other people had heard of a data breach involving website Zeeroq. The poster said they received a notice from Credit Karma saying their email address was exposed and they wondered what they should do after receiving the notice of the data breach.
A journalist with VERIFY also received an alert from their Google account that their information was found on the “dark web” in connection with Zeeroq.com.
Recent search trends indicate people across the U.S. have been wondering about Zeeroq. “Zeeroq breach 2024” and “what is Zeeroq website” were both breakout trends across Google search.
Here's what you need to know if your data has been compromised.
THE SOURCES
- Credit Karma
- Cybernews and InsecureWeb, websites that cover data breaches and cybersecurity
- Identity Theft Resource Center
- National Cybersecurity Alliance
- Federal Trade Commission (FTC)
- Equifax
- Experian
WHAT WE FOUND
Earlier this year, websites Cybernews and InsecureWeb published information about a large data breach in which billions of records containing personal information were exposed on the dark web. This prompted companies like Credit Karma and Google to warn people that their information was found online or exposed in the breach.
Zeeroq, as well as well-known companies like LinkedIn, MySpace and Adobe, were among the names of companies or websites that were breached, Cybernews, a website covering cybersecurity and technology, reported.
According to InsecureWeb, a company that monitors the dark web, the records were shared online, where personal information “can be exploited for various malicious purposes such as identity theft, phishing attacks, and unauthorized access to other online accounts.”
Cybernews said more than 26 billion records were part of the breach, but duplicates “are also highly likely,” meaning it’s not the first time the personal records were exposed. So, someone’s personal data that has been exposed in a previous leak could have had their information reshared in the latest data breach.
“The leaked data contains far more information than just credentials – most of the exposed data is sensitive and, therefore, valuable for malicious actors,” Cybernews reported.
Credit Karma confirmed that as part of their identity monitoring service, an email was sent to some people warning them of a data breach involving Zeeroq. But Credit Karma could not provide VERIFY with many details about Zeeroq itself as a company or website. At the time of publication, Zeeroq.com was defunct.
What to do if you received notice of a data breach
There were more than 3,000 data compromises in 2023 that impacted more than 350 million people across the U.S., according to the Identity Theft Resource Center.
The National Cybersecurity Alliance says if someone received notification of a data breach, the first thing they should do is research what information was compromised and look for any statements from a company or credit monitoring service to find out the level of the breach.
“Look up stories from high-repute news organizations and info from trusted cybersecurity outlets. This will help you understand the scope and nature of the data breach, including the type of data compromised and the potential risks associated with the exposed information,” the Alliance says on its website.
Here are additional steps you can take to protect yourself and your accounts:
Report the breach to your banking institutions and credit bureaus
If you think that your social security number or other important personal details like your date of birth were compromised, you should contact your bank and consider freezing your credit, the Federal Trade Commission (FTC) says.
According to the FTC, if a company is responsible for exposing someone’s personal information and offers free credit monitoring, “take advantage of it.” Monitor a credit report for any accounts or charges that aren’t recognized, and freeze your credit if there is unusual activity.
According to Equifax, one of the major credit bureaus, the security freeze restricts access to the credit report so people can’t extend credit in your name. When you want to apply for credit, or when you know your credit is safe, you can request to temporarily or permanently remove the security freeze.
Here is how to contact the three major bureaus:
Equifax
- https://www.equifax.com/personal/credit-report-services/
- (800) 525-6285
Experian
- https://www.experian.com/fraud/center.html#content-01
- (888) 397-3742
TransUnion
- https://fraud.transunion.com/fa/fraudAlert/landingPage.jsp
- (800) 680 -7289
More from VERIFY: Your credit score won’t automatically take a hit after a data breach
Change your passwords and add two-factor authentication to your accounts
A lot of personal information is kept in online accounts and is accessible if someone has your login and password, including email, bank account, and other personal data. Changing your password is a necessary first step when your information is exposed in a data breach. Here are tips to consider when creating a new password:
- Make sure the password is at least 12 characters long
- Don’t use the same password for multiple accounts
- Set up multi-factor authentication, or two-factor authentication requirements
- Choose a password manager, like LastPass, that helps keep track of passwords
- Pick a security question only you know the answer to
By setting up two-factor authentication, if you or someone else tries to get into one of your accounts, an alert will be sent to an application or a code will be sent via text message.
No one will be able to log into your account, even if they have the password, if they don’t have the additional code.
If someone is using your information to open new accounts or make purchases, you can get help at IdentityTheft.gov.
Here are more VERIFIED ways to protect yourself after falling victim to a scam.
This story is also available in Spanish / Lee este artículo también en español: Qué hacer si eres víctima de una filtración de datos