Have You Been Pwned? Check if You Must Change Your Passwords
Lately, it seems like we can’t go more than a few days without hearing about another website or service being hacked and users’ passwords being stolen. This beautiful and scary visual shows the increasing frequency and scope of various data leaks and hacking events: from the infamous Ashley Madison case, where 37 million users were affected, to the seemingly never-ending saga of Yahoo misfortunes with their users’ credentials.
Over recent years, a gigantic database of leaked user information has emerged as a consequence of the various breaches. Obviously, there’s a lot of money in account passwords and other sensitive data. For instance, personal information from more than 65 million Tumblr accounts was discovered for sale on the darknet last year. Until recently, a site called Leakedsource.com had been selling credentials leaked or stolen in some of the worst data breaches — including billions of usernames and passwords for accounts at top sites like LinkedIn and Myspace.
Cybercriminals with access to such masses of sensitive data can exploit it in countless ways. That’s the main reason why using the same login details for different platforms, services and websites can be very dangerous.
Even if you don’t think that any of your account data might have been leaked, we recommend checking it at Have I Been Pwned. The idea behind this service is pretty simple: enter your email address into HIBP, verify that you control it, and then the site will map the address across multiple data breaches to check if your data has been swept up in any of them. If the address is discovered on one of the leaked data lists, the screen will turn red and HIBP will let you know on which breached site it was found. Potential victims will also be notified if their email address appears in any future dumps that HIBP obtains.
This service is especially useful if you have committed the cardinal sin of online security and reused your passwords on multiple websites. You should change the passwords of all the breached accounts, but the ones with reused credentials must be at the top of your to-do list.
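The prioritisation described above can be scripted against a password-manager export. The following is an added example, not part of the original article or of HIBP: the vault entries, passwords and the triage function are constructed for illustration, and it goes one step further than the text by also listing accounts that were not breached themselves but share a password with one that was.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample data: a password-manager export and the sites HIBP flagged.
VAULT = [
    {"site": "linkedin.com", "password": "Summer2016!"},
    {"site": "tumblr.com", "password": "tumblr-only-9x"},
    {"site": "mybank.example", "password": "Summer2016!"},
    {"site": "shop.example", "password": "Summer2016!"},
    {"site": "mail.example", "password": "k3#Vq!unique"},
]
BREACHED_SITES = {"linkedin.com", "tumblr.com"}


def triage(vault, breached_sites):
    """Return (priority, site, reason) tuples, most urgent first."""
    # Group accounts by a keyed fingerprint of the password so the grouping
    # structure never holds plaintext; the key lives only for this run.
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for entry in vault:
        tag = hmac.new(key, entry["password"].encode(), hashlib.sha256).digest()
        groups[tag].append(entry["site"])

    plan = []
    for sites in groups.values():
        leaked = sorted(s for s in sites if s in breached_sites)
        if not leaked:
            continue  # this password was not exposed in a known breach
        reused = len(sites) > 1
        for site in sites:
            if site in breached_sites:
                priority = 1 if reused else 2
                reason = "breached, password reused" if reused else "breached"
            else:
                # Not breached itself, but the leaked password unlocks it too.
                priority = 1
                reason = "shares a password with breached " + ", ".join(leaked)
            plan.append((priority, site, reason))
    return sorted(plan)


if __name__ == "__main__":
    for priority, site, reason in triage(VAULT, BREACHED_SITES):
        print(f"P{priority}  {site:<16} {reason}")
```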
An important note: You need to be aware that your credentials may have been leaked even if your email address doesn’t get flagged on HIBP. The site is continuously updating its database, but that does not mean it has access to all leaked data. Therefore, you need to follow one simple rule — always use different passwords with different services.