
Have you been pwned?

Internet users are continually asked to trust tech companies with their data, but that trust isn't always rewarded. Massive data breaches regularly expose passwords, emails, and other personal information. Having your login data compromised is sometimes called “getting pwned”, and the sooner you know if you've been pwned the safer you'll be.

Carlos Martinez


Apr 12, 2021 · 3 min read


How to check if your credentials were leaked

Even if you don’t think that any of your account data has been leaked, we recommend checking it at Have I Been Pwned (HIBP). The idea behind this service is pretty simple: enter your email address, and the site will look it up in the HIBP database of leaked passwords, mapping the address across multiple data breaches to check if your data has been compromised.

If the address is discovered on one of the leaked data lists, the screen will turn red and HIBP will let you know on which breached site it was found. You can also be notified if your email address appears in any future breach data that HIBP finds.

  • An important note: Even if your email address doesn’t get flagged on HIBP, that's not a guarantee that you're safe. The site continuously updates its database, but it doesn't have access to all leaked data. That's why using unique passwords and changing your details regularly is still essential.

What does “pwned” mean?

The word “pwned” first appeared in the online gaming community and then spread into the mainstream. “Pwn” is a misspelling of “own”, which means having power or mastery over someone. However, it is also used in hacking contexts.

When somebody says “I got pwned”, it means that hackers stole their personal details. The word can also describe any illegal access to something, whether it’s your email, social media account, or any other service you use.

What should I do if my account has been pwned?

If your account has been pwned, act fast and take all necessary precautions to mitigate the damage. The longer you wait, the greater the risk of losing access to your accounts.

Step 1: Change your password

When changing your password, use uppercase and lowercase letters, along with numbers and special characters. We recommend installing a password manager like NordPass, which will help you with this task.

NordPass generates complex passwords for you, securely stores them, and allows you to fill online forms with one click. It also has a feature called Data Breach Scanner, which notifies you if your credentials are leaked.

Don’t forget to use a unique password for each of your accounts. If you use the same password for multiple accounts, a hack on one profile can very quickly spread to others.

Step 2: Use two-factor authentication

A password is not enough to stay secure online. Many digital services allow you to enable two-factor authentication (2FA), which adds an extra step when logging into your accounts. With 2FA enabled, after typing your password, you also have to authenticate yourself via a token, SMS, or app.

Even if hackers have stolen your password, they won’t be able to bypass the 2FA.

How to avoid getting pwned

Service providers do not always take the necessary measures to protect your personal information. They store poorly encrypted passwords in unsecured databases, and sometimes those passwords can be stolen without any prior hacking knowledge. However, there are things you can do yourself to enhance your digital security.

  • Change your passwords regularly. If you’re taking your password hygiene seriously, change all your passwords every couple of months. Don’t wait until your pwned passwords end up on the dark web: be proactive instead.
  • Update your software on time. Updates improve your device’s health, fix known bugs, and introduce new features. Hackers use security flaws to launch cyber attacks against users and infect their devices with malware.
  • Don’t overshare on social media. Sometimes people post their email address, phone number, occupation, and other personal information on social media sites. Cybercriminals can collect that data and use it to set up a social engineering attack against you or your associates.
  • Adjust your device’s settings. Make sure that your apps aren't accessing more data than they really need to function. If a calculator or a fitness app asks for access to your camera or location, try to find out if this is actually necessary.
  • Create different email accounts. Designate an email account for registering for various services. Having multiple accounts could significantly minimize the fallout from a breach.
  • Use a VPN. A virtual private network like NordVPN encrypts your traffic and masks your IP address, providing you with a cloak of encryption. If you often connect to public Wi-Fi, a VPN will ensure your password information is never exposed.