How many of your Accounts have been Compromised in a Data Breach?

Not a week goes by without a big announcement of stolen account data. Usernames with their corresponding passwords and email addresses are “lost” on a regular basis. This is not only a problem of small sites: LinkedIn, Adobe and MySpace alone add up to more than 600 million leaked accounts.

Given that passwords are reused and an email address is hardly a secret way to generate a unique user name, you end up with a big problem: data stolen at one site can be used to access accounts on a different site.

A simple way to check if your email address (and with that probably your password) is part of a data leak is the site “Have I been pwned?” (HIBP for short) operated by Troy Hunt. All you need to do is enter your email address and click on “pwned?”. If you are lucky, your email is not among the ~4 billion that are in the index of HIBP.

However, more likely is a result that lists the sites where your address was part of a breach.

Should you have reused a password you used at any of those sites, you may have a problem. The explanatory text shows you when the breach occurred and how long criminals could have used your credentials. I suggest you change the password as quickly as possible to a unique one. That may be a good time to start using a password manager like 1Password, LastPass or the KeePass application. Not only do they generate better passwords, they also simplify the management of those passwords tremendously.
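The reuse problem described above can be checked mechanically. The following is an added example, not part of the original post: it takes the breached sites reported for an address and a password-manager export (both constructed sample data, with hypothetical site names and field layout) and lists every account that needs a new password.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: a password-manager CSV export (hypothetical layout).
VAULT_CSV = """site,username,password
linkedin.com,alice@example.com,Summer2012!
mail.example,alice@example.com,Summer2012!
myspace.com,alice@example.com,m1space
shop.example,alice@example.com,Summer2012!
bank.example,alice@example.com,xK9#vT2q-unique
forum.example,alice.other@example.com,m1space
"""

# Constructed sample: sites the breach lookup listed for alice@example.com.
BREACHED_SITES = {"linkedin.com", "myspace.com"}


def load_vault(text):
    """Parse the CSV export into a list of dicts, one per account."""
    return list(csv.DictReader(io.StringIO(text)))


def exposure_report(entries, breached_sites):
    """Return {site: reason} for every account whose password must change."""
    # Group by password, so reuse is caught even under another user name.
    by_password = defaultdict(list)
    for entry in entries:
        by_password[entry["password"]].append(entry)

    report = {}
    for group in by_password.values():
        leaked_at = sorted(e["site"] for e in group if e["site"] in breached_sites)
        if not leaked_at:
            continue  # this password was not used at any breached site
        for entry in group:
            if entry["site"] in breached_sites:
                report[entry["site"]] = "breached directly"
            else:
                report[entry["site"]] = "reuses password leaked at " + ", ".join(leaked_at)
    return report


if __name__ == "__main__":
    # Only site names and reasons are printed, never the passwords themselves.
    result = exposure_report(load_vault(VAULT_CSV), BREACHED_SITES)
    for site, reason in sorted(result.items()):
        print(f"{site:15} {reason}")
```

The account at bank.example does not appear in the report because its unique password was never used at a breached site.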

The best feature of this site is the notification service. After you have checked your email address, you will find a link called “Notify me when I get pwned”. Click on it to subscribe to the notification service. If your luck changes and one of your accounts gets pwned, you will get an email from Troy, most likely long before the site that got pwned informs you.
