February 7, 2019

Find Out If Your Email Has Been Compromised in a Data Breach

Nearly 668 million user accounts were compromised in data breaches that took place in 2018, and an astounding 1.578 billion accounts were compromised in 2017. One of the most recent breaches was BlankMediaGames, creators of the popular Town of Salem title. Over 7.6 million accounts were compromised in that breach alone.

When a website you’ve registered on is hacked, your information can—and likely will—be stored, sold, or leaked. If you use the same email address and password on that website as on others, hackers can easily gain access to your information. It’s why so many security experts recommend you use a different password for every website you join.

The key to protection is awareness. If you know when an account has been compromised, you can take steps to safeguard other accounts. Here’s how.

Take Advantage of HaveIBeenPwned.com

There are other articles like this one on the web, but many are outdated. Forbes in particular has one that lists several websites, but in testing we discovered that those sites’ security certificates have expired or that they threw a 403 Forbidden error. Even if you could get these to work, is it worth the risk?

One site has proven itself time and time again: HaveIBeenPwned.com. The website checks email addresses against a database of breaches and tells you whether your email address has been spread in one of the many breaches that take place. HaveIBeenPwned also lists both the most recent breaches and the largest breaches.

How to Use HaveIBeenPwned.com

Take a look at the image above. There is a single step involved in finding out whether an account has been compromised: just enter your email address into the search box and press the “pwned?” button. (If you’re curious, pwned is a misspelling of “owned,” an Internet-born insult of the late 1990s/early 2000s.)

Here’s what happens when we test an address:

I knew the account had been compromised a while back due to the large WordPress breach, and measures have been taken to safeguard it. If your email address has been compromised because of multiple breaches (like the one below), you can look through the lists and find out which ones are the most dangerous.

If you use the same email address across multiple websites, make sure to have a different password for each.

Beneath the notification, you’ll see an explanation of when and where the account was compromised, as well as steps on how to improve your account security. It will also tell you whether the breach involved emails, passwords, names, locations, etc.

Monitor Domains and Addresses

If you own a given web domain, you can set up automatic alerts should the accounts on the domain ever become compromised. HaveIBeenPwned requires verification of ownership and several other security layers before you are able to receive these notifications, which reduces the risk that someone can gather information they aren’t meant to have.

You can also enter an email address and be notified when noteworthy breaches take place.

Creating a Strong Password

It’s a hassle to use different passwords for each website, but it pales in comparison to the headache you’ll experience if your identity is stolen or other important information is leaked. A strong password should have these key elements:

  • The password is at least 12 characters, but more is preferred.
  • The password should be a mix of upper and lower case letters, numbers, and symbols.
  • The password should have no resemblance to your email address.
  • The password should not be a common word or phrase.
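
The four elements above can be checked automatically. The following is an added example, not code from the original article: the function names, the tiny word list, and the substitution table are constructed for illustration, and "resemblance" is assumed to mean that the password contains a piece of the email address.

```python
import re

# Constructed sample list; a real deployment would load a large common-password list.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "dragon", "iloveyou"}

# Undo common character substitutions so "P@ssw0rd" is compared as "password".
SUBSTITUTIONS = str.maketrans("@01345$!", "aoleassi")


def email_tokens(email):
    """Lowercase pieces (4+ chars) of the local part and domain, ignoring the TLD."""
    local, _, domain = email.lower().partition("@")
    pieces = re.split(r"[^a-z0-9]+", local) + domain.split(".")[:-1]
    return [p for p in pieces if len(p) >= 4]


def check_password(password, email):
    """Return the criteria the password fails; an empty list means it passes."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")

    # One character from each class is required.
    required = {
        "upper case letter": str.isupper,
        "lower case letter": str.islower,
        "number": str.isdigit,
        "symbol": lambda c: not c.isalnum(),
    }
    for name, test in required.items():
        if not any(test(c) for c in password):
            problems.append(f"missing {name}")

    lowered = password.lower()
    normalized = lowered.translate(SUBSTITUTIONS)

    # Assumption: resemblance = a piece of the address appears in the password.
    if any(t in lowered or t in normalized for t in email_tokens(email)):
        problems.append("resembles the email address")

    # Stricter than the article's wording: a common word anywhere in the password fails.
    if any(w in normalized for w in COMMON_WORDS):
        problems.append("contains a common word")
    return problems
```

Note that "Password123!" meets the length and character-mix rules and still fails, which is why the last two criteria matter.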

While there is no 100% guarantee of account security no matter how many safeguards you put in place, you can reduce the risk that a hacker will gain access by using strong, distinct passwords on each website you browse and monitoring data breaches that may be relevant to you.