We discuss a useful tool that is great to see if your passwords have been leaked online.
Nearly everyone has many different accounts on the Internet, and they’re most likely protected with the classic password and username/email combination (collectively called your account credentials).
But sometimes these credentials can be stolen and posted publicly on the Internet in what we call a data leak. This can happen after large malware campaigns, mass phishing scams or because the company you have an account with suffered a data breach, resulting in credentials being stolen by cyber crooks.
If your login details for a particular account have been leaked online in this way, it is probably in the form of an incredibly large database containing your username and password, but also the usernames and passwords of thousands (if not millions) of other users as well.
Sponsored Content. Continued below...
Depending on the severity of the leak, sometimes your account credentials can be in plaintext (readable by anyone, just like you’re reading this article) or sometimes it can be in encrypted form (meaning it needs to de decrypted first)
But either way, it’s not something you want online, and if it happens, you’ll want to change your password straight away. Your leaked credentials may come bundled withe the credentials of thousands or millions of others, but it’ll all get passed around, and sooner or later, a crook will be reading your data and will come knocking on your account’s door.
But how do you know if my account credentials have been leaked online?
If the company you have an account with suffered a breach, they should let you know and force you to change your password. But this is not always the case, and sometimes the companies don’t know they were breached. Or if the leak involved a scam campaign that you fell for and didn’t involve a company data breach… Then what?
Luckily there is a public and free website that can tell you if your email address (or phone number) has been involved in a data breach, and if so, what data breach it was.
The website, HaveIBeenPwned.com, does this by collecting all login data that has been known to leak online over the years and makes it publicly searchable. Naturally you can’t find passwords or other sensitive information from the site since that in itself would be a Cybersecurity threat. But you can enter your email or phone number into the site and it will tell you if you’ve been caught up in a data breach and when it happened. Based on that information you can determine if passwords need to be changed and where.
Sponsored Content. Continued below...
And remember, if you’re using passwords in multiple places (which our regular readers will know you certainly shouldn’t be doing) remember to change all instances of those passwords – preferably a different password per account.
The site says there is a match. What should I do?
Don’t panic! There are hundreds of millions of emails in this database, so most people have at some point probably been caught up in a data breach.
Firstly, check what breaches come up as a match. They may be old breaches from years ago, in which case there is a good chance you’ve already changed your password since then. If the breach is recent and likely involves a password you’re still using, change it straight away.
And finally, if you’re struggling for good passwords, remember to try a good password manager such as LastPass (click here.) Also we strongly recommend enabling 2FA account protection to add an extra layer of security to your account.