Between The Hacks

View Original

Have I Been Pwned?

Have I Been Pwned?

NOTE: This is re-post from the June 26th Between The Hacks News, Tip of The week. News and updates to HIBP will be posted here.

“pwned” is pronounced pōned and rhymes with owned.

In late 2013, after the Adobe data breach, Australian cybersecurity expert, Troy Hunt, created the free web service, HaveIBeenPwned (HIBP), “as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or ‘pwned’ in a data breach.”

What does “pwned” mean? In this context, it basically means that an account has been hacked or compromised. The etymology of the term is an interesting story that you can read about here.

By using the HIBP website, you can see if your email address and an associated password has been publicly shared as part of a data breach. Last week, Hunt released a new version of HIBP that now contains 572,611,621 known, compromised passwords so if you have accounts on the Internet, it’s likely you will be in there.

As an individual, you can go to haveibeenpwned and enter your email address, hit enter, and you can see if, and which data breaches shared your account credentials.

The next great feature of this site is the “Notify Me” option. By choosing this, you can have HIBP send you an email anytime it sees your email in future data breaches.

If you happen to be someone who owns one or more domain names, HIBP has another cool feature for you. Choose the Domain Search option and you can enter your domain name (e.g. betweenthehacks.com). You will need to verify that you own the domain name, but after that you will get a list of all the email addresses and breach information for your domain name and you will get future reports as new breaches are added.

If you are nervous about using this service, rest assured that this is a highly recommended site by many paranoid cybersecurity professionals and many companies and U.S. government agencies also use this service. Remember, all it is doing is letting you know if your account credentials were publicly shared on the Internet.

If you want some more background on this free service and to hear about it straight from Troy Hunt, himself, check out this 2015 interview by Shannon Morse from Hak5, below.