Determine if your email address or password has ever been hacked
/Have you ever wanted to know if your email address or password has ever been compromised (hacked)? Well, you can and the best part is you can do it for free.
Go to your favorite search engine and search for “have I been pwned”. “Have I been pwned?” is a website that records information from breaches allowing you to determine if your personal information such as your address, phone number, date of birth, email address/username and/or password were ever involved in a breach.
Let’s start with the email address or username section of the website, which is the main home page. Enter your email address or username and click “pwned?”. If results returned are “Oh no – pwned!”, you need to look at the “Compromised data:” section for each breaches reported. If the “Compromised data:” section says passwords were involved, I strongly recommend changing the password on that account and any other account you have used the same password on immediately, especially if the same username or email address was used with that same password. Why you ask? Well, once a hacker knows your email address and password, they will use this log in combination (username and password) and attempt to log in to other websites such as well-known banks, brokerage companies, retirement institutions, major retailers, medical websites, etc. This is known as “credential stuffing”. I’ve seen it first hand and can confirm it happens all the time.
Now you may be asking, "The date next to my breach is old, so do I still need to change my password?" If you know with 150% certainty you have changed your password well after the date of the breach (say at least a year after), then no, maybe you do not need to change it. However, if you can’t remember the last time you changed your password or if it has been a while, I would use this as a good time or opportunity to change it again.
Let’s now talk about the password section of “have I been pwned.” Click on the word “Passwords” at the top of the website. Enter any password you currently use or plan to use and click “pwned?”. If you get a result of “Oh no – pwned!”, I would suggest changing your password or come up with a new one. The thought is any password from a past breach, will now be used in “credential stuffing” attacks, so it isn’t a good idea to use a password that is known to be compromised. Keep typing in a password until you get the all clear “Good news – no pwnage found!”.
All of this illustrates why it is important to have different passwords for each account you have. If one account is compromised (hacked), then it only impacts that account. Remembering numerous passwords can be difficult, which is why using a password manager is a good idea. There are even some with free services, so you just need to find the one that's right for you. To do that, search for "top rated password manager 2017" in your favorite search engine (or whatever year it happens to be at the time). There are usually well-known websites at the top of the search results with comparisons and/or reviews to help you get started finding the one with all the features you want/need.
For a bit of trivia...If you aren’t up on “hacker” lingo, you may be asking yourself what does “pwned” or “pwnage” mean? Well, it is old video game speak for something being defeated or owned. In this case, just think of pwned or pwnage as being the same as breached, compromised, or hacked.
Here are screen shots of have I been pwned? in action: