If you haven’t noticed, week after week it seems there’s an increasing amount of media coverage regarding cyber-attacks and cyber threats that businesses, individuals and government agencies face. While this could very well be due to the growth of online activity to aid a work-from-home and school setup as a result of the COVID-19 pandemic, it could also be that cyber criminals are becoming more clever and finding new ways to achieve their goals.
Although you may have a trusted free antivirus software program installed on your computer, it would be wise to know if you have ever suffered from a cybersecurity breach. One of the best ways of finding out is by checking your cybersecurity status using the free website (by an Aussie) ‘haveibeenpwned.’ Keep reading to find out how!
What is haveibeenpwned[dot]com?
Created by Australian cybersecurity expert Troy Hunt, Have I Been Pwned?, also known as HIBP, is a public website that offers a free resource which allows people to check if they have ever been victims of a cybersecurity breach.
Hunt, a Microsoft regional director and recipient of the Most Valuable Professional for Developer Security, created Have I Been Pwned in 2013 after being inspired by a serious cybersecurity breach suffered by Adobe, which was considered to be the largest ever single breach of customer accounts at the time. The breach famously affected at least 38 million users.
Have I Been Pwned was created both to fulfil the need for a tool that could inform users if they have fallen victim to a cybersecurity breach, and to entertain Hunt’s joy of building and creating programs. The entire purpose of the site is to simply provide a service completely free of cost so that users can assess if their accounts have been compromised at any point.
“Data breaches are rampant and many people don’t appreciate the scale or frequency with which they occur.” – Troy Hunt
By entering an email address into the Have I Been Pwned website, users will not only be able to know if their account is currently affected by a security breach, but they will also be able to tell if their account has ever fallen victim to a cyber attack.
How Does ‘haveibeenpwned’ Work?
This clever website is able to tell someone if their account has been exposed to a data breach by searching leaked information directly in the system. To know if an account has been compromised, users can register with Have I Been Pwned directly on the website.
Before getting started, it’s important to know that only the legitimate and verified owner of an email address being searched for can check if an account has been compromised. This is carefully controlled by Have I Been Pwned so that the information only falls into the right hands.
Check If Your Account Has Been Compromised
To check if your account has been compromised, follow the steps below:
Step 1: Go to the Have I Been Pwned home page.
Step 2: Enter your email address on the search bar and click on “pwned?”
In case your account hasn’t been breached, you will get a notice that reads “Good news – no pwnage found!” Hopefully you’ll be one of the lucky ones who sees this notice and gets to move on. It’s recommended that you check all of your email addresses so you are aware if any of your accounts have been breached in the past.
If your account has been compromised, you will get a notice that reads “Oh no – pwned!” In this unfortunate case, Have I Been Pwned will present you with options on how to secure your account and implement better cybersecurity practices, along with the list of breaches you were involved in.
The list of breaches your account has been involved in is not short of detail. It includes information about the data leak, some background about the cybersecurity attack, the app or website your account was leaked from and even which of your data has been compromised.
The details that could have been leaked include, but are not limited to, your date of birth, name(s), physical address(es), social security number, email address(es), IP address(es), password(s), username(s), gender, employer(s), geographic location(s), job titles, job address(es), phone number(s), spoken languages, social media profiles and more.
The details revealed on Have I Been Pwned are meant to help you understand why you need to change your password as soon as you are aware of a breach, and the importance of not using a universal password for all of your accounts.
However, if seeing that all of this information has been leaked and is roaming around on the internet doesn’t entice you to enforce a stricter cybersecurity strategy to protect your digital presence, there really is very little that can be done to persuade you.
Cybersecurity Practices Recommended by Have I Been Pwned
In the event that you have been a victim of a data breach and your information has been leaked, Have I Been Pwned recommends securing your account by following the three steps shown below:
Step 1: Protect your account by using a password manager like LastPass or 1Password (the latter recommended by Have I Been Pwned).
Step 2: Enable 2-factor authentication on your online accounts and store the codes within your 1Password account. Pro tip: Print out the QR or recovery codes and keep them in your home safe.
Step 3: Subscribe to notifications from Have I Been Pwned, so you can learn about any further data breaches.
1Password: The Ultimate Cybersecurity Tool
According to HIBP, the only secure password is the one you can’t remember – a truer statement has never been told before when it comes to password security. 1Password is not a tool created by Troy Hunt, but it is a password manager he recommends on his site Have I Been Pwned as the preferred way to keep his passwords safe. Through telling his own experiences with 1Password since 2011, Hunt simply recommends the service so that others may consider it.
1Password has been around for a long time, and it is arguably the world’s most-loved password manager. It helps to keep your accounts secure by storing and using strong passwords so that you can log in to your accounts with just one click. 1Password helps to keep you safe by precisely not sharing your passwords, even with you. Beyond providing a password vault, it also helps to keep your bank account details and credit/debit card information safe on all of your devices.
The Troy Hunt Revolution
Not only is Troy Hunt considered to be the ‘daddy’ of personal data breach awareness, but his creation of Have I Been Pwned inspired password check-up tools in nearly every modern internet browser. Apps such as LastPass and 1Password have worked in unison with Hunt’s creation to communicate to their users when their password has been breached.
More than that, Have I Been Pwned has allowed password manager programs to tell their users that a password has indeed been breached, but not which one; changing all passwords makes it difficult for hackers to gain access to a user’s account.
Besides creating a great tool for the public, Hunt continues to expand the idea behind Have I Been Pwned. In early August 2020, Hunt announced his plan to open source the HIBP code base, making it a community project so that the site may evolve and provide more advanced tools to fight cyber criminals.
Hunt’s intention behind this change is for Have I Been Pwned to not disappear, even if he does. This supports his philosophy to provide something for users without receiving any monetary benefit in return. While this project has not created much revenue for him, he has gained the attention of cybersecurity experts all over the world, who recognise his pioneering outlook towards data breach awareness.
In conjunction with Junade Ali, Troy Hunt designed the k-Anonymity API that was mentioned earlier to protect users from even realising which passwords have been breached in the event of a cyber attack. This idea has now been implemented into password protection by password manager giants such as LastPass, Okta PassProtect, Apple, Google, 1Password and many others. Thanks to Hunt and Ali, these apps now notify their users of a password breach.
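How a k-anonymity password check of this kind works, as an added example (not code from Have I Been Pwned or any password manager): the client sends only the first five characters of the password's SHA-1 hash and compares the rest locally. `fake_fetch`, `SENT` and the response rows are constructed stand-ins for the Pwned Passwords range endpoint so the block runs offline.

```python
import hashlib

def split_hash(password):
    """SHA-1 the password; return (5-char prefix, 35-char suffix) in upper hex."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines into a dict; skip blank or malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    """Return how often the password appears in the breach corpus (0 = not found).

    fetch_range(prefix) returns the response text. Only the 5-character
    prefix is handed to it; the suffix comparison happens on the client.
    In real use it would GET https://api.pwnedpasswords.com/range/<prefix>.
    """
    prefix, suffix = split_hash(password)
    # Padded responses carry decoy rows with a count of 0, so 0 means "not found".
    return parse_range(fetch_range(prefix)).get(suffix, 0)

# --- Constructed offline stand-in for the range endpoint (assumption) ---
SENT = []  # records every value that would have left the client

def fake_fetch(prefix):
    SENT.append(prefix)
    known_prefix, known_suffix = split_hash("password")
    # Constructed rows: an unrelated suffix and a zero-count padding row.
    rows = ["0" * 35 + ":12", "F" * 35 + ":0"]
    if prefix == known_prefix:
        rows.insert(1, known_suffix + ":4242")  # constructed count
    return "\r\n".join(rows)

if __name__ == "__main__":
    print(breach_count("password", fake_fetch))
    print(breach_count("correct horse battery staple", fake_fetch))
    print(SENT)  # only 5-character prefixes, never the password or full hash
```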
The Future of Have I Been Pwned
Although Have I Been Pwned is a public service and makes relatively little profit, if any, the future of this tool does not seem to be near its end. With Hunt’s recent announcement of open sourcing, the sky is the limit for what this great tool will evolve to be in the near future.
So, what have we learned from this? First of all, if you haven’t done so, you need to head to Have I Been Pwned and check to see if your account has been compromised.
Second of all, regardless of your results, you should implement a heavier password protection strategy that will keep intruders at bay.
Lastly, there is no such thing as an unbreakable password, so listen to the experts, Hunt in this case, and use a password manager to keep your personal data safe.