Have I Been Pwned?

By | January 2, 2017

Cloudeight InternetHave I Been Pwned?

NOTE:  21 FEBRUARY 2020

We are no longer recommending this site however we’ve decided to leave this post on our site. All readers are cautioned to take any results obtained from Have I Been Pwned with skepticism.


EB is pretty cool, she knows all the hacker terms like pwned and crack. I don’t know any of them, but if I need to know one, I’ll ask her and she’ll tell me — reluctantly. Because you’re all good people like TC, you probably don’t know what pwned means, so EB told me it’s OK to tell you. Pwned means owned. And in the case of this tip, pwned means someone has access to your email username and password. and therefore jas access to anything in your email account. Did I mention these hackers can also use your email account for nasty things? Indeed they can.

Now you’re all curious to see if any of your email accounts have been pwned, aren’t you? You should be. Over one billion pwned email accounts is a lot of pwned email accounts, isn’t it? It’s even more email accounts than EB has. It’s a lot, for sure.

Seriously folks, this is serious business. We’ve harped at you until we’re blue in the fact about using strong passwords and about using a good password manager to create strong passwords and remember them for you. So if you haven’t done so by now, we’re not going to convince you. Maybe, if you discover that one or more of your email accounts has been pwned, and your emails and your email account or accounts are in the hands of criminals who could then use all your information for nasty deeds, you’ll listen to us and change all your passwords to strong passwords and download a good password manager like LastPass (free version) http://lastpass.com/.

The developer of “Have I Been Pwned” has some words to share with you:

“Who is behind Have I been pwned?

I’m Troy Hunt, a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security, blogger at troyhunt.com, international speaker on web security and the author of many top-rating security courses for web developers on Pluralsight.

I created Have I been pwned? as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or “pwned” in a data breach. I wanted to keep it dead simple to use and entirely free so that it could be of maximum benefit to the community.

Short of the odd donation, all costs for building, running and keeping the service currently come directly out of my own pocket. Fortunately, today’s modern cloud services like Microsoft Azure make it possible to do this without breaking the bank!
What is the site all about?

This site came about after what to date, remains the largest ever single breach of customer accounts — Adobe. I often did post-breach analysis of user credentials and kept finding the same accounts exposed over and over again, often with the same passwords which then put the victims at further risk of their other accounts being compromised.

The FAQs page goes into a lot more detail, but all the data on this site comes from publicly leaked “breaches” or in other words, personal account data that has been illegally accessed then released into the public domain. Have I been pwned? aggregates it and makes it readily searchable…”

Don’t fret – we’re almost done. Here’s a couple of screenshots for you to make this article pretty:

Cloudeight Internet

Cloudeight Internet

Visit https://haveibeenpwned.com/ and see if your email address or more than one of them has been pwned. We hope not!

Want to know how miscreants, hackers, and criminals can crack simple passwords so easily? Read our article on Rainbow Tables here.

 

12 thoughts on “Have I Been Pwned?

  1. Harold

    Just read your article about pawned , ok I went to look is nothing free I find you are never charging for all the great info you pass along . But everyone else has a charge .

    Reply
  2. Barb

    Thank you for this. I got a clear reading, after I finally decided that it’s better to KNOW than to be a victim in ignorance.
    Happy 2017.
    Barb.

    Reply
  3. Kathleen

    Oh my, I have used this site for a long time.
    So very nice to see you like it as well as I do.
    Hope the year is good to you both!

    Reply
  4. Dawn Campbell

    What happens if we are? I am and just wondering if changing password is enough or do I delete all accounts with those sites? Thanks in advance.

    Reply
    1. infoave Post author

      change your password to your email account or better yet, create a new (non-yahoo) account, use a strong password and then change all your financial account passwords, then all your medical account passwords and change the email addresses to use your new email address.

      You need to change all the accounts that deal with money, medical, or other accounts that contain sensitive personal info (like your mailing address, social security number).

      I know it’s a lot of work, but start with a new email address and then change the email address and the passwords for accounts that deal with money, medical, or sensitive personal data first.

      Reply
  5. Gay Carefoot

    I have 2 email address’s, one I know is having problems right now so I was also curious to know if there was a problem on it(yep I have a yahoo account) and good news is that neither of the 2 email accounts that I have are pwned.

    Best wishes and good health to you both in 2017

    Reply
    1. Gay Carefoot

      Forgot to mention that my yahoo account has a generated password on it from Last Pass, and I also have LastPass on my iphone as well.

      Reply
  6. Jean

    My luck *** my main account is listed. ow I need to know what to do. It is with all my subscriptions, doctors, bank…etc. I would never find all the places I have that account. What to do … What to do!

    Reply
    1. infoave Post author

      change your password to your email account or better yet, create a new (non-yahoo) account, use a strong password and then change all your financial account passwords, then all your medical account passwords and change the email addresses to use your new email address.

      You need to change all the accounts that deal with money, medical, or other accounts that contain sensitive personal info (like your mailing address, social security number).

      I know it’s a lot of work, but start with a new email address and then change the email address and the passwords for accounts that deal with money, medical, or sensitive personal data first.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *