Have I Been Pwned? Check whether your password has been stolen

Someone logging into your account without your permission can be a frightening experience!

If it’s ever happened to you, then hopefully it was just a friend who wanted to post something embarrassing to your Facebook page, but often people hack into accounts with much more than practical jokes in mind.

If a hacker ever gains access to one of your accounts, then they could cause all sorts of damage and distress, ranging from hijacking your Twitter and turning it into one of those annoying Twitter bots; to sharing your private or embarrassing information and content with the world; or even getting complete control of your finances via your online banking.

It’s impossible to estimate how many passwords are already in the public domain. In December 2017, security researchers discovered a 41-gigabyte file containing 1.4 billion usernames and passwords for sites such as Netflix, Last.FM and LinkedIn, plus many popular games such as Minecraft and Runescape.

This data breach was big enough to make headlines, but in reality hackers are stealing usernames and passwords for all kinds of websites, all the time. Just because the media hasn’t reported on a data breach involving one of the sites you’re registered with, doesn’t automatically mean that your password hasn’t become public knowledge. If you’re going to remain safe online, then you need to get into the habit of regularly checking whether any of your private information has become public property.

In this article I’ll be sharing some tips to help keep hackers out of your email, online banking, social media, and the countless other password-protected websites, services and apps that you use on a day-to-day basis.

Have I Been Pwned?

Have I Been Pwned is a website that maintains a database of usernames and passwords that have been leaked and are now freely available in various places across the World Wide Web, including the Dark Web.

To check whether any of your personal information has been leaked, head over to Have I Been Pwned? and enter your username or email address. The website will then check this information against its database, and inform you if your details have ever appeared in a leaked database.

If your information has been exposed, then ‘Have I Been Pwned?’ will display some more information about the breach, including the kind of data that was leaked, which might include everything from your IP address, to your date of birth, credit card details and even private messages.

Hopefully, all of your searches return zero results, but if you’re curious about just how serious data breaches can be, try searching for a common name. For example, searching for “Smith” returns 11 separate instances where this name appeared in leaked databases.

If any of your accounts have been compromised, then you must change the password for this account immediately. If you use the same password for any other accounts, then you should change them, too – and consider this a reminder that using the same password for multiple accounts is never a good idea!

To receive a notification if your email address or username appears in a future leak, click the ‘Notify me’ tab at the top of the screen, and then enter your email address in the subsequent popup.

Use a Password Manager

The best way to keep an account secure is to use a long, complex password that’s completely unique to that account. However, remembering a list of complicated passwords isn’t exactly easy, so you may want to get a helping hand from a password manager, such as LastPass.

As an added bonus, if you choose LastPass as your password manager, then you’ll be able to check whether any of your information has been published in known data breaches, directly from the LastPass user interface.

You can install LastPass via the Safari Extensions Gallery, or if you’re using a different browser you can head over to the LastPass website and click ‘Get LastPass free.’ When prompted, create a user account and password, and then click ‘Unlock my vault.’

At this point, you’re ready to start adding passwords:

  • Select ‘Sites’ from LastPass’ left-hand menu.
  • Click ‘Add Site’ in the bottom-right of the screen.
  • In the subsequent popup, enter the website’s URL and the username and password you use to log into this site. Click ‘Save.’
  • Rinse and repeat for every account that you want LastPass to manage.

After adding all your passwords, you can check whether any of these passwords have been involved in known data breaches, by clicking the LastPass icon in your browser’s toolbar and then selecting ‘More Options > Security Challenge.’

Follow the onscreen instructions and LastPass will check your information against its database. Hopefully, it’ll display a message that none of your accounts have been involved in any known security breaches, but if one or more of your accounts have been compromised, then you must change these password(s) immediately.

About the author

Chris

I've been a passionate evangelist for Apple and the Macintosh throughout my working life. My first love was a Quadra 605, working with a small creative agency in the south of Norfolk, UK in the mid 1990s. I later progressed to other roles in other Macintosh-dominated industries, first as a senior graphic designer at a small printing company and then as a production manager at Guardian Media Group. As the publishing and printing sector waned I moved into Internet Marketing and in 2006 co-founded blurtit.com, which grew to become one of the top 200 visited sites in the US (according to Quantcast), at its peak receiving over 15 million visits per month. For the last ten years I have worked as an Affiliate and Consultant to many different businesses and start-ups, my key skill set being online marketing, on-page monetisation, landing page optimisation and traffic generation. If you would like to hire me or discuss your current project please reach out to me here.
