Worried you’ve been pwned? Find out
One of the largest data breaches on record was the Collection #1 Data Breach in January 2019; it included 7.73 million records and more than 2.7 billion email addresses and passwords.
Communication concerning breaches has improved over the years but is still lacking. So, where should you turn to determine whether you’re at risk? We recommend haveibeenpwned.com (HIBP), a site from creator Troy Hunt. HIBP allows you to query your email address (without storing it) to confirm whether any website logins using that email address have been compromised, or ‘pwned’, and if so, in what breach. (The term pwned originated in the land of computer games, where it means you’ve been defeated. Don’t let a breach defeat you.)
Who is Troy Hunt?
Troy is an Australian security and cloud specialist, Pluralsight author, and Microsoft Regional Director. He provides the HIBP service to the public as a free educational tool, but it also serves as a testbed for cloud technologies, such as Microsoft Azure. Learn more about Troy’s credentials on his LinkedIn profile, his YouTube channel, and his website.
Oh no – pwned!
If HIBP reports that you have indeed been caught up in a breach, it’s time to act. Do you still have access to – and can you log in to – the email accounts linked to the breaches? If not, use the account’s password retrieval or reset process. Once you gain access, follow these three steps:
Get a password manager, such as LastPass, 1Password, Zoho Vault, Kaspersky, or KeePass.
Reset your passwords both for the compromised website logins and for the related email address
Generate stronger and different passwords for the site and your email login, using the password manager from point 1.
Enable two-factor authentication.
FYI … the HIBP website can also notify you of future breaches, but to receive these notifications, you must sign up and store your email address.
With these tips, tricks, and Troy having your back, you can put your worries to rest when a breach gets within reach!