Have I Been Pwned?

There’s not a day that goes by without hearing news about a security breach or incident involving large companies like Equifax and Marriot; but what about incidents that are rarely publicized but just as damaging? Wouldn’t you like to know if an incompetent vendor lost your email or other personal information? I would, and I will teach you how you can, too.

Some of you may remember me talking about the website haveibeenpwned.com. It was created many years ago and is maintained by a trusted group of security researchers who mine released data from previous breaches, aggregates it and make it available to the world. They don’t sell it, but they do make it possible for anyone to manually (one email at a time) or programmatically (many emails at once) check the leaked emails.

The greatest benefit of this service is that it tells you what other information got leaked as part of the same incident (e.g., SSN, DL, DOB, and Address). Trying it is simple – just insert your email address and press “pwned.” While using the service, your email isn’t collected or resold.

You may be thinking: Who has time to check this site on a regular basis? Well, you don’t have to. If you click on “Notify me” and enter your email address, you will receive a notification as soon as your email surfaces in the security breach. You can enter multiple emails to be monitored.

You may also be thinking: How is this beneficial to you and what can you do about breached information? First, you will be informed of the data breach even if it didn’t make to the newsstand. Second, it will give you an immediate opportunity to change your password and may entice you to create additional security for your account with that vendor.

Sometimes, there’s nothing you can do about breached information, but using this service does give you the advantage of catching a potential attack before it happens.

Don’t delay. Be your own oracle.

Comments

  1. Patti Rankin

    Oh, great! Stewart email has been “Pwned” on 7 breached sites.

    1. Genady Vishnevetsky

      Patti, you brought a good point that emphasizes critically of the reading terms and conditions as well as privacy policy when you sign up for services. They frequently list sharing agreements with partners. In this example, I didn’t explicitly gave my email to the breached entity. It was obtained through third-party agreement.

      -Genady
      iPologies for typos

Leave a Reply