Have My Passwords Been Stolen? How To Check For Account Breaches Using HaveIBeenPwned

  on

Alarm continues to spread over the news that the security of nearly 2 million Facebook, Twitter, Google, Yahoo! and other online accounts has been compromised by hackers who stole users' passwords and usernames.

It's frightening to imagine that your account log-in information might have been obtained by faceless hackers, and the newest breach has reignited a vital conversation about the steps people should take to protect themselves online.

But a brand-new website called HaveIBeenPwned.com offers an extremely easy way to determine whether your account information has been "compromised in a data breach." By simply entering an email address, users can quickly see whether it has been targeted by such a breach, and the site appears to be fairly comprehensive, running a process that checks the account against records of past breaches that have been made publicly available.

When I typed in my GMail address, for instance, I was informed by the site that unfortunately I've been "pwned on 2 sites" (HaveIBeenPwned defines the word "pwned" as follows: "from the verb own, as meaning to appropriate or to conquer, compromise or control.") The site then informed me that my Adobe account was apparently compromised in a massive October breach in which "153 million accounts were breached with each containing an internal ID, username, email, encrypted password and a password hint in plain text." I also learned that my Yahoo! account was one of the "nearly half a million" to be breached in 2012 "via an SQL [structured query language] injection attack."

This information is vital for people concerned about protecting their privacy and security online, and it can be very difficult to obtain, so HaveIBeenPwned is performing a vital service by providing a forum to check whether or not your information has been hacked. The site, which was launched on Wednesday by software architect Troy Hunt, appears to already be a pretty major success, drawing 63,000 visitors who completed 162,000 searches on the first full day of its existence. A full 32 percent of email addresses searched that day were compromised, according to the site's official Twitter feed. It is not, however, the only site offering such a service, as LastPass.com also offers a way to search for compromised account information.

Though services like HaveIBeenPwned offer a great way to check if your account log-in information has been compromised, they are not catch-alls, and there are preventative measures all Web users should still be sure to take. For instance, if you are one of the many thousands of people whose password is still "123456," as was revealed during the October Adobe breach, you should probably change that.

Join the Discussion