Have I Been Pwned? reveals if your email or passwords have been stolen by hackers

Victoria Woollaston August 8, 2017

Ransomware. Data breaches. Election hacking.

Have I Been Pwned? reveals if your email or passwords have been stolen by hackers

It seems like there are myriad ways cybercriminals can steal your money and your data, dumping account details online faster than we can keep up. British retailer CeX recently had to admit 2 million account details had been stolen while a massive hack saw the emails of 711 million people at risk from criminals. HBO was the latest high-profile victim, while the Kronos malware also hit headlines when it was linked to WannaCry hero Marcus Hutchins who was recently arrested in the US on cybercrime charges.

More recently, an Equifax breach saw the social security numbers, credit card details and personal information of 143 million people being accessed by hackers between May and July 2017. A limited number of UK and Canadian customers were also hit.

If you’re worried about being hacked, or feel like you may have fallen victim already, there is a number of sites where you can check if your account details are being sold online and steps you can take to avoid it.

Have I Been Pwned?

Set up by security researcher Troy Hunt, Have I Been Pwned? has become the go-to site for concerned web users. Hunt catalogues all the email addresses and other data taken in high-profile breaches on his website. You can’t see the full list of addresses; instead, you can search to see if your email address is on his vast database.

At the time of writing, Have I Been Pwned? features almost 3,999,250,000 pwned accounts and 228 pwned websites. Breaches include MySpace, Adobe, LinkedIn and Badoo among others.

snip20170808_16

To use the site, type your address in the search bar. If your details are found in the data dumps, a red warning message will appear, revealing what was taken in each hack. If your details are not found within the dumps, this message will be green. This doesn’t mean your account details haven’t been taken, though. It just means your passwords and email addresses don’t feature in Hunt’s lists.

You can also sign up for notifications of future breaches and ‘sensitive’ data dumps, like those in the Ashley Madison breach. To search these databases, Hunt asks for verification that you’re the owner of the email. This is to prevent spouses searching the Ashley Madison database, for example, with their partners’ email address.

Hacked Emails

Similar to Have I Been Pwned?, Hacked Emails scans the deep web to uncover the latest data breaches and lets you search through the database using your email. Hacked Emails additionally comes with a Chrome Extension that alerts you if anyone sending you email has been hacked.

BreachAlarm

Out of the three sites listed, BreachAlarm is the least useful but is still worth mentioning. It lets you search for account details, but doesn’t offer the same level of detail as Have I Been Pwned, for example.

If your account details feature on any of the lists on these three sites, change your password if you haven’t already. This includes changing every account that password is used on. Hackers will often attempt to use the same password on multiple accounts because they know that people have poor password hygiene.

Similar to Have I Been Pwned, you can sign up to BreachAlarm’s Email Watchdog to be notified immediately if any of your email addresses appear in future breaches.

How to stay secure

There are some simple, but important, ways to stay safe online to minimise the damage if data is leaked by a third-party.

Change your passwords regularly. It is advised that a password should be changed every six months minimum. This will minimise the risk if your password is on a data breach that hasn’t been listed on the sites above.
Don’t use the same password on multiple sites.
Enable two-factor authentication across all of your accounts.