Have I Been Pwned

pwnedThe Tip
We should all know by now that using the same password on multiple sites is a big security no-no! We might think our username:password is safe with the big companies, but this is absolutely not true. Did you know there is a service where you can check to see if your information has been in a known compromise?

The Detail

The word ‘Pwned’ is internet and gamer/hacker slang for being ‘owned’. It is the term used when a hacker gets your username and password combination from a site they have compromised, because at this point, there’s a good chance they own you… especially if you have used that username and password combination somewhere else. They will immediately send out bots that travel around the web trying services like Amazon and major banks, or your work if your username is a work related email address, just to see where they can break in. It’s all too easy and can happen in seconds.

We might like to think we are safe if we only use major sites and stay away from the shadier corners of the internet. After all, surely companies like Adobe and Dropbox and LinkedIn will have the best of security and never be compromised, right? Actually wrong. My own information has been stolen from data breaches on those sites and made available in hacker communities several times. How do I know this? It’s simple. There is an excellent service through which you can check your information and also set up an alert that will notify you of future compromises.

This website is https://haveibeenpwned.com. If you have never used this site before, do it now. It’s an easy to use service that will tell you how many times and where your information has been exposed (7 times for my personal address and 1 time for my work address). You can then also choose to subscribe and receive an email alert if a new breach involving your address is discovered.

This is a great way to stay on top of these things and it certainly reinforces why you should never recycle passwords. Getting a zero result here is no guarantee that your credentials have never been stolen, but it’s a pretty good service nonetheless. Try it today.

If you do find that you’ve been pwned be sure to change your password at the compromised site as well as use a unique password every where else you may have used the same password.

If you have more questions about these topics, please contact UTS and we’d be happy to offer what guidance we can. There is also a wealth of information to be found using your favourite search engine.