Have i been pwned
Have i been pwned?
Safely check to see if your email has been compromised and on what websites.
What is a “breach” and where has the data come from?
A “breach” is an incident where data is inadvertently exposed in a vulnerable system, usually due to insufficient access controls or security weaknesses in the software. HIBP aggregates breaches and enables people to assess where their personal data has been exposed.
These breaches could come from a large number of sources, these breaches happen all the time so always best to keep checking the database.
The breach itself can come from a hack, an unsecured site or a site which has a vunerability.
How is a breach verified as legitimate?
There are often “breaches” announced by attackers which in turn are exposed as hoaxes. There is a balance between making data searchable early and performing sufficient due diligence to establish the legitimacy of the breach. The following activities are usually performed in order to validate breach legitimacy:
Has the impacted service publicly acknowledged the breach?
Does the data in the breach turn up in a Google search (i.e. it's just copied from another source)?
Is the structure of the data consistent with what you'd expect to see in a breach?
Have the attackers provided sufficient evidence to demonstrate the attack vector?
Do the attackers have a track record of either reliably releasing breaches or falsifying them?
What is a “paste” and why include it on this site?
A “paste” is information that has been “pasted” to a publicly facing website designed to share content such as Pastebin. These services are favoured by hackers due to the ease of anonymously sharing information and they’re frequently the first place a breach appears.
HIBP searches through pastes that are broadcast by the @dumpmon Twitter account and reported as having emails that are a potential indicator of a breach. Finding an email address in a paste does not immediately mean it has been disclosed as the result of a breach. Review the paste and determine if your account has been compromised then take appropriate action such as changing passwords.
My email was reported as appearing in a paste but the paste now can’t be found
Pastes are often transient; they appear briefly and are then removed. HIBP usually indexes a new paste within 40 seconds of it appearing and stores the email addresses that appeared in the paste along with some meta data such as the date, title and author (if they exist). The paste itself is not stored and cannot be displayed if it no longer exists at the source.
Take the guesswork out of your IT issues with a FREE IT assessment from qualified experts
Would you like a free no-obligation consultation?
Simply enter your details below and a member of our team will come back to you to discuss this further.