Determine if your email address or password has ever been hacked

Have you ever wanted to know if your email address or password has ever been compromised (hacked)? Well, you can, and the best part is you can do it for free.

Go to your favorite search engine and search for “have I been pwned”. “Have I been pwned?” is a website that records information from breaches, allowing you to determine if your personal information, such as your address, phone number, date of birth, email address/username and/or password, was ever involved in a breach.

Let’s start with the email address or username section of the website, which is the main home page. Enter your email address or username and click “pwned?”. If the result returned is “Oh no – pwned!”, you need to look at the “Compromised data:” section for each breach reported. If the “Compromised data:” section says passwords were involved, I strongly recommend immediately changing the password on that account and on any other account where you have used the same password, especially if the same username or email address was used with that same password. Why, you ask? Well, once a hacker knows your email address and password, they will use this login combination (username and password) and attempt to log in to other websites such as well-known banks, brokerage companies, retirement institutions, major retailers, medical websites, etc. This is known as “credential stuffing”. I’ve seen it firsthand and can confirm it happens all the time.

Now you may be asking, "The date next to my breach is old, so do I still need to change my password?"  If you know with 150% certainty you have changed your password well after the date of the breach (say at least a year after), then no, maybe you do not need to change it.  However, if you can’t remember the last time you changed your password or if it has been a while, I would use this as a good time or opportunity to change it again.

Let’s now talk about the password section of “have I been pwned.” Click on the word “Passwords” at the top of the website. Enter any password you currently use or plan to use and click “pwned?”. If you get a result of “Oh no – pwned!”, I would suggest changing your password or coming up with a new one. The thought is that any password from a past breach will now be used in “credential stuffing” attacks, so it isn’t a good idea to use a password that is known to be compromised. Keep typing in a password until you get the all clear: “Good news – no pwnage found!”.

All of this illustrates why it is important to have different passwords for each account you have.  If one account is compromised (hacked), then it only impacts that account.  Remembering numerous passwords can be difficult, which is why using a password manager is a good idea.  There are even some with free services, so you just need to find the one that's right for you.  To do that, search for "top rated password manager 2017" in your favorite search engine (or whatever year it happens to be at the time).  There are usually well-known websites at the top of the search results with comparisons and/or reviews to help you get started finding the one with all the features you want/need.  

For a bit of trivia: if you aren’t up on “hacker” lingo, you may be asking yourself what “pwned” or “pwnage” means. Well, it is old video game speak for something being defeated or owned. In this case, just think of pwned or pwnage as being the same as breached, compromised, or hacked.

Here are screenshots of “have I been pwned?” in action: