With so many data breaches resulting in stolen data lately, sometimes it can be overwhelming to keep track of which breaches effect you. A website called, have i been pwned? hopes to make it easier to know what companies may have compromised your data. Pwned is a hacking term to indicate that someone has been owned.
Currently the site has information on 254 sites that have been breached totaling 4,823,641,843 compromised accounts. That’s nearly 5 BILLION accounts of stolen data. Below is a screen shot example of what it may look like if your account has been breached. You can see that it will list the website and when the breach occurred. You can use this information to go to those sites and change your passwords.
How can you make use of this to help with your stolen data?
Head over to the site and enter your email address in. You will be presented with a list of all of the sites that have been compromised where your email account was included. Then for any sites that are shown, log into your account and change your passwords. Many of these breaches could have occurred years ago and you may have been unaware. Regardless, change your passwords to any that you find from this site.
Actions you can take to help protect yourself from future breaches
The first step is to use a password manager like Lastpass. Lastpass is free add on for your browsers that will securely store passwords for you. That way you don’t need to remember passwords for each site. This allows you to generate very secure passwords for each site. One of the reasons these breaches are so dangerous is that most people use the same email address and password for just about everything. So if the stolen data from one site contains your data, then its easier for an attacker to use it on other sites. With Lastpass, you generate a random password for each site and store it securely in Lastpass. That way if one of your accounts is hacked, it only effects that account.
Another option is to enable two factor authentication on your accounts. This allows for the website to either send you an SMS message, email or for you to enter a code from your phone into the site. This makes hacking your accounts extremely difficult for attackers.
Stolen data has become such a huge issue as more and more sites are breached. Using have I been pwned can be a valuable tool to let you keep track of which sites have lost control of your data. Many breaches never make it to the mainstream news so you may never be aware of them. But the risk is still there, especially if you’re using the same email address and password for most or all of your accounts. Since using this site is free, it doesn’t matter how often you use it. I would recommend going at least once per month to be sure.
After that, install Lastpass and start using it to create secure passwords for all of your online accounts. This will go a long way to preventing future attacks. If one of your accounts is stolen it won’t have any impact on the others.