Have i Been Pwned (shortened to HIBP) is a free service within everyone’s reach that allows us to find out if our digital data such as email addresses, passwords, accounts, or anything else are on any data breach lists and which ones specifically.

By now we hear more and more cases of even famous companies, online games or web services falling victim to data breaches, with numerous lists of accounts, passwords, email addresses and other personal data being poured into the Dark Web.

What is a data breach

A data breach is a security breach that accidentally or unlawfully results in the accidental or unlawful access, destruction, loss, modification, or disclosure of personal data transmitted, stored, or processed by unauthorized users.

In recent years, several companies have been victims of data breaches such as: Yahoo, Facebook, MySpace, the adult website CAM4, LinkedIn, and many others. The amount of data is impressive and ranges from user accounts to even bank details, payment methods, physical residential addresses and other potentially very sensitive data.

How does it work Have I Been Pwned service

Have I been Pwned is a useful service for finding out if you are among the victims of a data breach and which one. Credit is due to Troy Hunt, who wanted to create a free and easy-to-use site in order to check by entering your email address whether that address is on the currently discovered data breach lists.

Once we enter the email address to verify we will get one of the following two messages:

“Good news – no pwnage found!” in case there was no breach of our data;
“Oh no – pwned!” if the typed email was found in one or more data breaches.

The search can be used not only for emails but also for phone numbers, just enter instead of the email address the phone number to be checked complete with area code.

You can also do a search regarding your own passwords used by selecting the dedicated page from the top menu of the website.

Do you also want to verify that your data is safe? Try the HIBP service!

What to do in case my data is in one or more data breaches?

  • First check that the exposed accounts are still active and working.
  • If there has been unauthorized access notify the appropriate authorities immediately in case of tampering, identity theft, unauthorized operations, and the like;
  • Immediately change the password of exposed accounts and if possible always use two-factor authentication to increase the security level of your accounts;
  • Never use the same password on multiple accounts, but create unique passwords for each account. A password manager can make this job easier for you if set up properly.

If you want to learn more about how to increase the security of your personal data online, you can read some of our tips in the dedicated article ➡ Security: 9 Tips to Protect Your Data.

Images by Pexels



Leave a Reply