10 Billion Hacked Accounts Show Why You Need ‘Have I Been Pwned’

Popular data leak tracker Have I Been Pwned is closing in on 10 billion hacked accounts. Think about it for a minute: Ten. Billion. Accounts. For comparison, about 7.7 billion people live on Earth. It would be as if every person on the planet had a hacked Facebook account, and some of them several.

I took a look at the numbers from the Have I Been Pwned RSS feed, which seems to me to be missing even a few recent breach announcements, and we’ve already reached over 71 million compromised accounts in a year. The biggest breach the site has added to its records in 2020 was the debacle at Israeli marketing company Straffic, which exposed a database containing 140 GB of personal data (including 49 million unique email addresses, as well as various usernames, phone numbers, and addresses).

In other words, now is the perfect time to subscribe to Have I Been Pwned. But let’s go over the basics in case you’re not sure.

Find out if you’ve been pwned

Site creator Troy Hunt, a Microsoft Regional Director and information security specialist, offers a service that you can use completely free of charge. All it requires is your email address; when that address turns up in one of the many data breaches that occur over the course of a year, you get a message about it. That message prompts you to tighten your security on the affected service and, if you have been lazy, warns you that the one password you reuse across many services is now at risk. You should change it now (and please stop using the same password for multiple sites or services).

Don’t trust companies to promptly notify you of data breaches.

The best thing about Have I Been Pwned, as we discussed in a previous version of this article, is that the site sometimes gets ahead of the breached company in disclosing what happened. When CafePress had a huge data breach in February 2019, you would have learned you were affected from Have I Been Pwned, not from CafePress. And even when CafePress did notify its users, it didn’t mention the hack: it only told users that they needed to change their passwords, without giving a reason for this seemingly random request.

Signing up for the Have I Been Pwned notification service is easy. But you don’t even need to use the sign-up form if you don’t want to. Tools like Firefox Monitor and 1Password already integrate the Have I Been Pwned database, so you should also be notified that way if your saved passwords are involved in a hack. (I prefer a scary email that makes sure I’m paying attention to the warning, but that’s just me.)

Some security utilities don’t use Have I Been Pwned, which is fine.

Many other tools do not use Have I Been Pwned data, but they are still useful if you want to know whether your accounts are potentially compromised. Google’s Password Checkup extension comes to mind, though you may not even need it if you save your passwords through the browser itself.

There’s also pwdquery, which tells you which of your passwords must be changed, instead of just warning you that any service associated with your email address is at risk. If your password manager supports them, you might even find a plugin that also checks your accounts against the Have I Been Pwned database.

Avoid scammers who want to exploit your data security concerns

There are also a number of similarly themed sites and extensions that you should avoid. Ghostproject.fr is one such example. While you can certainly use it to find out which leaked passwords might be associated with your email address, the site also begs you to pay to unlock the full password itself. In other words, it is basically telling script kiddies, “Give us money and any emails you want and we’ll give you this person’s password.”

Admittedly, anyone halfway competent should be able to find a set of breaches likely to contain enough information to let them log in as you somewhere, provided that you are still using the same credentials that appeared in the breach. And that is, above all, why a service like Have I Been Pwned is so important: it gives you the best chance of staying ahead of a data disaster, given how easy it is for someone to beat you to it. Lifehacker cannot recommend this service enough, given its value alongside all the other methods you need to use to stay safe online.

This article was originally published in 2019 by David Murphy and updated on April 9, 2020 by David Murphy. We’ve revamped the entire article to reflect more current account security information and the latest security breaches. This includes changing and modifying screenshots, editing a title, and editing body text.
