The other day I came across this tweet from Scott Hanselman, a well known Microsoft developer, linking to a website called https://haveibeenpwned.com/ where you can check if any of your email addresses or user names has ever been involved in a hack or data-breach. Great Christmas gift… 🙂
Happy holidays! Is your password known to bad guys? https://t.co/7jvDXcM6f6
— Scott Hanselman (@shanselman) 23 december 2017
These days you’ll hear about data breaches every other day, and sometimes it involves services used by so many people that the impact is huge. Like the Yahoo hack for instance where many millions of users were affected, and what’s worse: Yahoo keeping quiet about it.
The risk of a snowball effect is also huge since still too many people use the same password over and over again on all their accounts (or way too easy to guess variations thereof), which opens the door to all your stuff as soon as any of your accounts gets breached. On the website Scott mentions, you can check any username or email address on whether it was compromised in a known data-breach.
When it finds breaches, you’ll get presented with a list names of accounts that were compromised and an explanation of when the breach happened and the extent of data compromised. Like this Dropbox breach for instance:
Dropbox: In mid-2012, Dropbox suffered a data breach which exposed the stored credentials of tens of millions of their customers. In August 2016, they forced password resets for customers they believed may be at risk. A large volume of data totalling over 68 million records was subsequently traded online and included email addresses and salted hashes of passwords (half of them SHA1, half of them bcrypt).
Compromised data: Email addresses, Passwords
So, if any of your stuff shows up on this site, make sure you change your passwords if you didn’t already since the breach. Luckily most breached parties notified their customers as soon as the breach had been discovered, but there are also quite some companies who don’t, like aforementioned Yahoo for instance. So bookmark this website and check every once in a while if you’re still safe from the bad guys… 🙂
Of course there’s a lot more to say about passwords and internet security, but I’ll have another story on that in an upcoming blogpost. For now: happy holidays! 🙂
A site is cool, but even cooler is a Windows app which will keep your login addresses under constant surveillance and notifies you of any new breaches being discovered. It’s a Windows 10 app, and it’s called ‘Hacked’.