Have I Been Pwned?
NOTE: 21 FEBRUARY 2020
We are no longer recommending this site however we’ve decided to leave this post on our site. All readers are cautioned to take any results obtained from Have I Been Pwned with skepticism.
EB is pretty cool, she knows all the hacker terms like pwned and crack. I don’t know any of them, but if I need to know one, I’ll ask her and she’ll tell me — reluctantly. Because you’re all good people like TC, you probably don’t know what pwned means, so EB told me it’s OK to tell you. Pwned means owned. And in the case of this tip, pwned means someone has access to your email username and password. and therefore jas access to anything in your email account. Did I mention these hackers can also use your email account for nasty things? Indeed they can.
Now you’re all curious to see if any of your email accounts have been pwned, aren’t you? You should be. Over one billion pwned email accounts is a lot of pwned email accounts, isn’t it? It’s even more email accounts than EB has. It’s a lot, for sure.
Seriously folks, this is serious business. We’ve harped at you until we’re blue in the fact about using strong passwords and about using a good password manager to create strong passwords and remember them for you. So if you haven’t done so by now, we’re not going to convince you. Maybe, if you discover that one or more of your email accounts has been pwned, and your emails and your email account or accounts are in the hands of criminals who could then use all your information for nasty deeds, you’ll listen to us and change all your passwords to strong passwords and download a good password manager like LastPass (free version) http://lastpass.com/.
The developer of “Have I Been Pwned” has some words to share with you:
“Who is behind Have I been pwned?
I’m Troy Hunt, a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security, blogger at troyhunt.com, international speaker on web security and the author of many top-rating security courses for web developers on Pluralsight.
I created Have I been pwned? as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or “pwned” in a data breach. I wanted to keep it dead simple to use and entirely free so that it could be of maximum benefit to the community.
Short of the odd donation, all costs for building, running and keeping the service currently come directly out of my own pocket. Fortunately, today’s modern cloud services like Microsoft Azure make it possible to do this without breaking the bank!
What is the site all about?
This site came about after what to date, remains the largest ever single breach of customer accounts — Adobe. I often did post-breach analysis of user credentials and kept finding the same accounts exposed over and over again, often with the same passwords which then put the victims at further risk of their other accounts being compromised.
The FAQs page goes into a lot more detail, but all the data on this site comes from publicly leaked “breaches” or in other words, personal account data that has been illegally accessed then released into the public domain. Have I been pwned? aggregates it and makes it readily searchable…”
Don’t fret – we’re almost done. Here’s a couple of screenshots for you to make this article pretty:
Visit https://haveibeenpwned.com/ and see if your email address or more than one of them has been pwned. We hope not!
Want to know how miscreants, hackers, and criminals can crack simple passwords so easily? Read our article on Rainbow Tables here.