Find out if your email address has been compromised
A number of free tools are available to help people protect themselves online; unfortunately, such tools are not broadly publicized, so most people may not be aware of them. In a series of postings, we will describe some of these tools, their benefits, and how to use them.
have i been pwned? — Check if your email address is in a data breach
This free site makes it easy to see if your email address (or your phone number) has been compromised in a data breach. It does this by comparing your email address with information from over 500 compromised sites that has been posted on the Dark Web. The site is run by Troy Hunt, a highly respected security expert—it’s legitimate and safe.
The Dark Web provides an underground marketplace for the sale of stolen personal information, almost always containing email addresses, to hackers who are often referred to as “bad actors.” Hackers purchase information stolen from one site in hopes of compromising other sites where the victim used the same address; stolen email addresses also fuel ransomware and phishing attacks—two of today’s most common and damaging exploits. (You can find more information about these terms in the Cybersecurity 101 section of the ManyMe website.)
Your first question might be “What in the world does “pwned” mean?” “Pwned,” which rhymes with “Owned,” is an expression from the online computer gaming world that means that the victor has totally defeated or “owned” an opponent. In the context of cybersecurity, it means that an account and related data have been compromised.
When you visit haveibeenpwned.com, simply enter your email address (or phone number) on the front page and click on “pwned?” If your address is not found, you’ll get a response reading “Good news — no pwnage found!” This response indicates that your email address could not be found in the data from any breached sites or on other sites that hackers use to share (“paste”) stolen information anonymously. This really is good news.
However, if your address is found, you’ll get a response reading “Oh no—pwned!” Scroll down on the page to see the specific breaches in which your address was compromised, and then be sure to change the passwords that you use for the compromised sites. As you’ll see, haveibeenpwned.com has a marketing relationship with a password manager, and recommends its use. (Using a password manager in conjunction with ManyMe addresses provides even better protection.)
Using the site’s “Notify me” feature, which is accessed via the main menu, you can also enter your email address to receive notifications if the address gets pwned in the future. When you sign up for this, the site will send an email to the address “just to confirm that you’re a real person, behind a real email address”—click on the link in the message to be notified of any future pwnage. We highly recommend that you take advantage of this feature, which will give you an early warning that a site that you’ve visited has been compromised.
The site includes other useful features, too; for example, you can see a list of pwned websites, or query the list of over 600 million pwned passwords to see if any of yours are included. You’ll find a lot of other interesting information as you scroll through the site.
We think you’ll find haveibeenpwned.com to be a very useful resource, especially if you’re concerned that your email address has been compromised.