Have I Been Pwned is a valuable tool enabling users to input an email address to see if a service using that address as a username or login has been compromised, resulting in a password security breach. To date, the website displays that there are 325 pwned websites and 5,566,340,042 pwned accounts.
If the email address was compromised, Have I Been Pwned will list out each breached website on which the email address was found. Information includes the date of the breach, information about the breach, and what data was collected during the breach. Most common information collected by hackers are email addresses and the passwords used for the website. Hackers will then run the email and password on multiple services to gain access to those accounts.
An alphabetical listing of security breaches shows popular sites such as BitLy, Adobe, Experian, Snapchat, Sony, Tumblr, Xbox 360 ISO, VTech, and most recently (Nov 4, 2018) WPSandbox, which was used to host a phishing site that attempted to collect Microsoft Onedrive account information.
Curious? Go to the website and type in your email address.
To avoid data breaches becoming a serious problem make sure you subscribe to the following suggestions from the Federal Trade Commission’s consumer page. :
- Create strong passwords – 10 or more characters, using at least 3 of the following mixed into the middle of the password, not just at the beginning and/or end:
- upper case letters
- lower case letters
- symbols
- numbers
- Don’t use names, dates or other common words.
- Don’t use the same password for multiple sites.
- Consider using 2-factor authentication. This consists of a code sent to your phone that you have to type in to access an account even though your password is typed in. It is used to block hackers who don’t have access to your phone from accessing those accounts.
- Change your passwords frequently.