Have I Been Pwned: How to check if your account have been leaked

Have I Been Pwned: How to check if your account have been leaked
Tomas Lyngen
Published: 06 Jul 2022

How to check if your credentials have been leaked during an data breach

With ever growing online presence, with accounts on many services. It's hard to keep track if one of those services have had a data breach and that's where Have I Been Pwned comes in

What is a data breach?


A data breach, is when someone have gotten data from a company, that they shouldn't have. This data can include, but is not limited to; usernames, passwords, e-mails, names, internal documents and more

20220706_1001_62c4f3f8acc7b.webp

The hackers who got the data, will often sell the data or try to extort money from the company they stole it from. After a while, this data often end up available on the dark web, for people to easily access

Have I Been Pwned


Have I Been Pwned is a website found at haveibeenpwned.com [↗]. Where you can search up yourself, to see if you been part of a known data breach

20220706_1001_62c4f4b561b18.webp

Just enter your e-mail/username/phone number and click pwned?-button. Here we can see [email protected] have been in 222 data breaches and found 143 pastes

The service is free to use and how it works, is that it looks through all known data breaches and creates an index of them, where you can search and see if your account exist in them

20220705_1001_62c3d4a28a763.webp

If you have been part of a data breach. The website will list all breaches you have been part of, when it happened and what was leaked

I Have Been Pwned


So you found yourself as part of a data breach, then it's smart to change password and enable Multi Factor Authentication (it not already done)

Good websites uses some sort of hash for the passwords. Meaning your password MySecretPassword123 is stored in the websites database as something like this 567159D622FFBB50B (a scramble of text). So even if there's a data breach, the hackers can't easily read your password

Not all websites does this or uses a good quality hash. So if your account have been part of data breach, best action is to change your password to stay safe

Is it safe to use Have I Been Pwned?


As with all online services, it's always wise to be skeptical of providing your credentials. Have I Been Pwned have been around for about a decade now and is run by Troy Hunt, who is an Microsoft Regional Director and MVP. The service is being used by more and more government agencies, to easy check if any of their accounts have been part of a data breach

I've personally used Have I Been Pwned for years and as you only give your username/e-mail/phone and not password, it's a fairly safe service to use. But a scam service could create a similar site to fish for personal information, so be careful on where you enter your details. Have I Been Pwned also claims they only use what you input for lookup if you exist in any breaches and doesn't store that information



Tags: #haveibeenpwned #dataleaks

We sometimes publish affiliate links and these always needs to follow our editorial policy, for more information check out our affiliate link policy

You might also like

Comments

Sign up or Login to post a comment

There are no comments, be the first to comment.