Free Security Tool: Check If You Have an Account That Has Been Compromised in a Data Breach with Have I Been Pwned?
January 22, 2019
A huge data breach, which took place earlier this month, left hundreds of millions of emails and passwords exposed. Find out whether you are at risk with the help of breach notification service, Have I Been Pwned? (HIBP).
HIBP, allows users to check if their personal information has been compromised by a data breach, how many times and from where. Users can also search for specific passwords to see if they have been exposed. According to HIBP, the Pwned Passwords are 551,509,767 real-world passwords previously exposed in data breaches. And that, this exposure makes them unsuitable for ongoing use as they’re at much greater risk of being used to take over other accounts.
To find out whether you have been affected by a data breach head to HaveIBeenPwned.com, and enter any email addresses you currently own, or passwords you use.
The site also allows you to search for pwned accounts across an entire domain and receive future notifications of any breaches, via email. However, you must verify ownership of the domain before performing a domain search – if you cannot verify this, you will not be able to search for breached email addresses on it.
Cyber security expert and creator of HIBP, Troy Hunt, claimed that the exposed data could be used by attackers to carry out “credential stuffing” attacks: “In other words, people take lists like these that contain our email addresses and passwords then they attempt to see where else they work. The success of this approach is predicated on the fact that people reuse the same credentials on multiple services.
“Perhaps your personal data is on this list because you signed up to a forum many years ago you’ve long since forgotten about, but because its subsequently been breached and you’ve been using that same password all over the place, you’ve got a serious problem.”
Have I Been Pwned Test Example
I’ve Been Exposed, What Next?
If you have been exposed, it is vital to secure your accounts against any future attacks – regularly changing these and not duplicating them across different websites. Multi-factor authentication should be utilised on every site that allows it.
Collection #1 Hack:
The breach, discovered by HIBP, regards nearly 800 million stolen email addresses and passwords, taken from a series of breaches from websites around the internet.
The data collected is readily available online and any individual who has accessed the internet in the last 10 years could be affected by this attack. Those affected could have their information used against them, and in turn, lose access to their accounts.
According to HIBP, the data contained almost 2.7 billion records including 773 million unique email addresses, as well as passwords those addresses had used on other breached sites.
Cyber security expert and creator of HIBP, Troy Hunt, said that the data was discovered by “multiple people” who reached out and directed him to a large collection of files on popular cloud service, MEGA.
The data, which included Troy’s personal information alongside more than 12,000 separate files and over 87GB of data, was then uploaded and shared on a well-known hacking forum.
He added: “There’s somewhere in the order of 140M email addresses in this breach that HIBP has never seen before. In terms of the risk this presents, more people with the data obviously increases the likelihood that it’ll be used for malicious purposes.”