Reminder: Check If Your Email Address Has Been Stolen Or Hacked

toggle-button

Email hack checkWith so much publicity surrounding last week's major ransomware outbreak, which spread to more than 150 countries, here's a timely reminder of something that you can do to check whether your details have been stolen by hackers.

When hackers steal your account details from a third-party system, they call it Pwning. It's pronounced Poning, and is hacker-speak for owning someone's details. No, I have no idea why either. But it does explain the reasoning behind an excellent online resource called Have I Been Pwned. You'll find it at www.haveibeenpwned.com and it's basically a searchable database of stolen email addresses that have been acquired by hackers and then posted on the internet.

The database currently comprises 3.7 billion entries, from almost 50,000 different hacks. To use it, just go to the site and type in your email address. The site will tell you if your details have been leaked. If they have, you'll need to change your passwords.

You can also subscribe to the service if you want, which will then automatically alert you if your details subsequently appear in the database.

Please rate this article: 

Your rating: None
3.962965
Average: 4 (27 votes)

Comments

"The site will tell you if your details have been leaked. If they have, you'll need to change your passwords."

Hello, so what you are saying is if I have been 'pwned' then somebody somewhere has both my email address AND my password is that correct?

If it is just my email address that has somehow gotten out there then why should I change my password? Of course I know regularly changing a password is a good idea anyhow.

Cheers,

Paul

West Swan: If ONLY your email and its password are compromised, any and everyone in your address book probably got emails from you touting some "you gotta see this!" website, or, worse than that, the email included an attachment of some sort with a virus included at no extra charge.

Any good friends may have even emailed you to let you know you got hacked. Changing your email account access will stop further crap coming directly from "you."

I've been getting occasional spam emails for over four years from a former coworker who just doesn't care about adding to the Internet's overabundance of crap. Last statistic I saw was something like over 90% of all internet traffic is spam email.

The other, and much more important point, is that if you read the site, they may have more than just your email addy and password. They may have your password hints or other personal details as well. That could make any site you use, including your bank or investment companies, vulnerable to further efforts. Unfortunately, it's really hard to tell just what info the baddies got on you. That's the main complaint about Pwned.

Make sense??

Be well -

-E.

Hello.

I think I confused you sorry.

I didn't understand if being on this list (which I am) meant that somebody had JUST my email address or if they had my email address AND my password.

I of course have already changed my password just in case they had it as well as my email address.

Now if I start receiving lots of spam myself I will know my email address has been sold and change it. I'm sure my 12 contacts wouldn't mind :-)

Thanks again,

Paul

Providing your work/business email addresses to websites like P*wned, or any website other than your work colleagues is asking for trouble

You are much better off staying off the grid
This means creating a spare (dummy) email account, with a fake name and address, specifically for internet use
Use this dummy email address for all free software offers, registration with websites etc.
Hackers target popular websites, and try to get access to these email databases
Also, many websites will use your email address for advertising and marketing

Save your official email accounts for work/business use, and only use these accounts when sending mail to trusted work colleagues, banks or utilities

If you get any emails from a utility or company, always ring them back, dont email them back
The rule is: they can email you, but you never email them back.
This is because hackers can create websites and email addresses that resemble banks, utility companies and businesses.
Its a very old trick, but there is no end of gullible internet users

Avoid opening email attachments unless they are standard documents from known work colleagues.. Even then be very careful

Stay off the grid

Thank you from another Aussie :-)

I already have a fake PayPal account for those times a website demands it (even sometimes for free software that was advertised on this site a couple of years ago).

That account is associated with a fake email address using a name that is difficult to tell if the person is male or female. I did that just for fun.

Cheers mate,

Paul (from rainy W.A.)

Im very sceptical about this website
The mere idea of entering my real email addresses to people I dont know, sends chills up my spine
For all freeware and other internet offers, I use a few junk mail accounts

You would have to be very brave to enter one of your real email addresses, that you use for utilities, banking etc
The website itself states in the FAQ:
Quote: "How do I know the site isn't just harvesting searched email addresses? You don't, but it's not".

Hmm

I entered one of my junk email addresses, and the website states:
"Oh no — pwned! Pwned on 10 breached sites and found 4 pastes (subscribe to search sensitive breaches)"

But the website doesnt tell you what the significance of this is
And I can subscribe by providing my email address. To who ?

Im waiting for someone to comment that they have receive something useful from this website.
So far noone knows what "breached site" means for your individual email account

The whole setup seems too much like those free antivirus checks which state "Your computer is infected"
No thanks

Harry   Harddrive,

Its a good point, but I can tell you from personal experience not listening to a warning can cost you.

What I do is use a password manager, in my case lastpass and in my list of sites, I have in my favorites a list of sites that I must protect and there are not that many of them eg banks, a few buying sites like ebay and amazon, facebook, my blog site, etc. Then what I do is when a warning comes which are not that common, those ones I change.  In any case I do advised that you change these high security passwords regularly.

 

Yes, I'm subscribed to this service.
And yes, I got warnings about my email address being mentioned in two recent hacks , or better put: databases compiled together from previous hacks...

I'm having a real problem with this:
1) I tells me my email account was part of some hack somewhere/sometime. "Change your password".
2) these two recent hacks were even UNconfirmed !

Yeah - sure! So now what?

Although I am using a password manager nowadays, some VERY old accounts might be compromised. Or maybe not - it might just as well be a very recent account.

There is ab-so-lu-te-ly NO way to figure this out.
In other words: I am being advised to change my passwords on like.... 500+ sites that my email address might me registered on ??

OH - come on! That's just utter bullcrap.
In order for such a service to be "a service indeed" , it is imperative to know what site(s) the pwned address was derived from.

As long as they do not provide this info - it's effectively a 99% useless service: all that I know is that I am vulnerable - somewhere out there in the Universe.

Thanks for the reminder! I just wish I could see the actual credentials that were stolen as I've changed my passwords whenever a service I use gets hacked - if and when I find out about it, that is. I don't use the same password for everything, but I have been known to use some passwords repeatedly on some less or more secure websites. It would be nice to know what info is out there so I can avoid using them yet again.

Lovely. Just lovely. Oh well.

Very timely, Rob. Thanks again!