Most online "hacking" isn't a hooded genius breaking through a firewall. It's ordinary, automated, and aimed at whoever is easiest — which usually means whoever reused a password or clicked a convincing link.
What an account really is
An account is just a username plus a secret — usually a password — that a company's computer checks before it trusts you. Get the secret right and the computer assumes you're you.
That data doesn't live on your phone. It sits on servers — other people's computers, in buildings you'll never see. Every time you sign up somewhere, you're trusting that company to guard your secret. Some do this well. Some don't.
When a company gets robbed
A data breach is when the data a company stored gets stolen or exposed. It's their failure — but you're the one who lives with it, because your details were in the pile.
Here's the part that surprises people: information online is copied, not moved. Once your password or a private photo leaks, attackers have a copy forever. You can change the password going forward, but you can never un-leak the copy that's already out there.
The one idea to take away
Breaches are routine. Assume some of your details are already in a leak somewhere, and plan for "when", not "if" — calmly, not in a panic. The defences in the lessons ahead are exactly how you stay safe anyway.
Who's actually after your stuff
Not spies, and almost never anything personal. For everyday people, only a few groups really matter:
- Automated bots that try leaked passwords on thousands of sites a minute.
- Scammers who send the same fake message to millions and profit from the small percentage who reply.
- Opportunists — someone who finds your unlocked phone or guesses your PIN.
What they want is almost always the same: money and access, at massive, impersonal scale. The fastest route to both is your accounts — especially your email, the master key to your online life. Lose control of it and an attacker can hit "forgot password" on almost everything else and have the reset links delivered straight to them. That's why so much of this course circles back to protecting your email first.
What actually protects you
Three boring things stop the large majority of attacks:
- A unique password for every account (a password manager does this for you).
- Two-factor authentication on the accounts that matter.
- Backups, so losing a device is an inconvenience, not a disaster.
We'll set each of these up in the lessons and sections ahead — starting with your accounts and passwords next.