Data security breaches constantly impact popular social media sites, online service providers, retailers and other companies that many of us share personal data with. So… are our login credentials and other personal data still secure? Or has our data been harvested, processed and potentially sold by malicious hackers?
If you dare to know the truth, there’s one way to find out: the (in)famous Have I Been Pwned? (HIBP) website run by Microsoft employee and web security expert Troy Hunt.
How to Use the Have I Been Pwned? Website
Enter Your Email
HIBP is a free resource that lets you quickly check whether any of your online accounts have been compromised (aka “pwned”) in a data breach. Just go to the site’s home page, type in your email address and brace yourself.
Review Your Compromised Information
Within seconds you’ll know whether your data has been exposed, which breaches it has been exposed in to date, and what specific data was potentially exposed (email address, password, name, date of birth, social security number, etc.).
Change Your Compromised Passwords
It’s important to scroll down and take a careful look at what data was compromised in each breach. In particular, you want to know whether passwords were exposed. If hackers might have your username and/or password for a website or application, you need to change that password immediately.
If you reused a compromised password, you should change it everywhere else, too. Otherwise you’ll be highly vulnerable to credential stuffing attacks, where hackers use automation to rapidly try stolen username/password combinations on hundreds of sites to gain unauthorized access.
But passwords aren’t the only data you should be concerned about. Many breaches expose a range of financial and personal data: your spouse’s name, where you went to school, how many children you have and their names, whether you own a home, and so on. In the hands of a skilled “social engineer,” data like this can be used to trick you or someone else into thinking the cybercriminal is someone known or trusted.
Another useful feature of HIBP is the Passwords page. Based on a list of over 551 million passwords exposed in data breaches, it tells you whether your favorite password is safe for ongoing use. If a password has been exposed in a data breach, it is no longer safe due to the greatly increased risk of hackers using it to compromise other accounts.
Subscribe to Notifications
HIBP even gives you the option to subscribe to notifications about breaches involving your data. Just provide your email address and next time you’re pwned, you’ll get a quick heads-up so you can take immediate action.
Passwords are often all that stands between your sensitive data (or your company’s) and hordes of hackers seeking to steal it. Using weak, easily guessable and/or compromised passwords makes you extremely vulnerable to being hacked.
Improve Your Information Security
April 2019 is “Password Month” here at Pivot Point Security, and this blog post is the first of several we’ll share on passwords. The following posts will reveal our Top 10 Tips on how to get your password security into high gear. Stay tuned!