Have I Been Pwned? reveals if your email or passwords have been stolen by hackers
Have I Been Pwned?
Set up by security researcher Troy Hunt, Have I Been Pwned? has become the go-to site for concerned web users. Hunt catalogues all the email addresses and other data taken in high-profile breaches on his website. You can’t see the full list of addresses; instead, you can search to see if your email address is on his vast database.
At the time of writing, Have I Been Pwned? features almost 3,999,250,000 pwned accounts and 228 pwned websites. Breaches include MySpace, Adobe, LinkedIn and Badoo among others.
To use the site, type your address in the search bar. If your details are found in the data dumps, a red warning message will appear, revealing what was taken in each hack. If your details are not found within the dumps, this message will be green. This doesn’t mean your account details haven’t been taken, though. It just means your passwords and email addresses don’t feature in Hunt’s lists.
You can also sign up for notifications of future breaches and ‘sensitive’ data dumps, like those in the Ashley Madison breach. To search these databases, Hunt asks for verification that you’re the owner of the email. This is to prevent spouses searching the Ashley Madison database, for example, with their partners’ email address.
Similar to Have I Been Pwned?, Hacked Emails scans the deep web to uncover the latest data breaches and lets you search through the database using your email. Hacked Emails additionally comes with a Chrome Extension that alerts you if anyone sending you email has been hacked.
Out of the three sites listed, BreachAlarm is the least useful but is still worth mentioning. It lets you search for account details, but doesn’t offer the same level of detail as Have I Been Pwned, for example.
If your account details feature on any of the lists on these three sites, change your password if you haven’t already. This includes changing every account that password is used on. Hackers will often attempt to use the same password on multiple accounts because they know that people have poor password hygiene.
Similar to Have I Been Pwned, you can sign up to BreachAlarm’s Email Watchdog to be notified immediately if any of your email addresses appear in future breaches.
How to stay secure
There are some simple, but important, ways to stay safe online to minimise the damage if data is leaked by a third-party.
- Change your passwords regularly. It is advised that a password should be changed every six months minimum. This will minimise the risk if your password is on a data breach that hasn’t been listed on the sites above.
- Don’t use the same password on multiple sites.
- Enable two-factor authentication across all of your accounts.