If you’ve ever wondered how all these spam emails are reaching your inbox, it’s because of data leaks and hacks. Once data gets out, hackers upload it to Dark Web marketplaces for anyone to buy and use. Tap or click here to see a website that will show you if your data is up for grabs. And now, a social network that emphasized security and privacy is under fire for leaking sensitive information from hundreds of thousands of users. This data was left unprotected — with no password required to access it — and even includes content from private messages. If you used this site, change your password now!

True, the privacy-centric social network, isn’t all that private anymore

When it first launched back in 2017, True billed itself as a social network that “protects your privacy.” But now, three years later, not a single part of it is private thanks to a massive data leak that occurred in September. SpiderSilk, a Dubai-based cybersecurity firm, was the first group to discover the breach. Speaking with TechCrunch, researchers explained how they found an unprotected, password-free database containing information on hundreds of thousands of True users. This database wasn’t just full of typically leaked information like usernames, email addresses and phone numbers. It also contained login tokens, geolocation data and private messages between users. To make matters worse, none of the information was encrypted — meaning anyone who found the database could read and search through everything. TechCrunch reached out to True for a comment on the leak. Immediately after, the database vanished. True responded saying it was aware of the leak — but did not explain whether it would inform regulators or users about what happened. True may not be a massively popular social network — but what happened to it shows just how dangerous a lack of data security can be for users. It’s also a great reminder to regularly check on passwords and security features for online accounts.

Am I in trouble? What should I do?

If you’re a True user, the best thing you can do is check to see if your data was breached on HaveIBeenPwned. This website catalogs stolen data from leaks and breaches — as well as whether or not usernames or passwords are compromised. Tap or click here for the inside scoop on the web’s biggest database of hacked logins. But regardless of whether or not your data was stolen, it’s a good idea to regularly check your accounts for fraud and make sure security features like two-factor authentication are turned on. Tap or click here to see how to activate 2FA for your favorite social media accounts. With this in mind, it’s also worth going through your accounts and getting rid of ones you no longer use. A breach or leak can happen at any time, which is why reducing the number of accounts you have will decrease the odds of exposure. If you’re ready to get rid of old accounts but aren’t sure where to start, try out JustDelete.Me. This website has a directory of links to get rid of hundreds of different online accounts. Sites are color-coded by difficulty, with green for easy, red for hard and black for impossible. When you’ve found the site you want to remove yourself from, click on the top name in the colored box to be redirected to the page on that site that lets you delete your account. If you need to remove yourself from a “hard” or “impossible” site, click on Show Info. This will show you specific instructions on how to remove your account. It may seem like a drag, but using the web comes with certain responsibilities. If you take the steps to protect yourself, your list of cybersecurity chores will be much smaller — and much less frequent. Stay safe! Tap or click here for more details on how to use JustDelete.Me.