Website Tells You If Your Password's Been Leaked

Tech Media Network (Tom's Guide)


Is your personal information among the data from millions of Adobe, Yahoo and Gawker accounts compromised in the past few years?

Now there's an easy way to find out if your information is safe. Have I Been Pwned, a website created by software designer Troy Hunt, aggregates the data of more than 154 million accounts stolen in data breaches at Adobe, Stratfor, Gawker, Yahoo and Sony since 2010, and lets you search for your email address among all of them.

The site doesn't incorporate the 2 million stolen Facebook, Yahoo, Google and Twitter accounts revealed earlier this week, but it may add those soon.


Hunt was able to collect all this information into one site because after each of these five breaches, the culprits posted the stolen information online.

If Have I Been Pwned tells you your email address is among these five sets of data, the first thing you'll need to do is change the passwords on those accounts.

If you used the compromised password anywhere else, you can assume that the hackers — and anyone else who took a look at the publicly leaked data — have access to those other accounts and anything associated with them.

In most cases, having a strong password — 10 or more characters, including numbers, symbols and capital letters — goes a long way toward keeping an account safe.

But if hackers can get access to an unencrypted database of passwords, then even the strongest password is no safer than abysmal but common passwords such as "123456" or "password."

In Adobe's case, users with a stronger password were a little better off because the data was protected with rudimentary encryption. However, cracking the weaker passwords in Adobe's database may have helped the hackers break the encryption on the stronger passwords, which means anyone whose account was leaked in the Adobe breach is potentially at risk.
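An added example, not part of the original article: why a strong password stops being safe when the stored form of equal passwords is identical, compared with per-user salted hashing. The article does not describe Adobe's scheme, so `deterministic_store` is a stand-in for any unsalted, same-key protection; the accounts, `SITE_KEY` and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts, not real breach data.
ACCOUNTS = [
    ("alice@example.com", "123456"),
    ("bob@example.com", "123456"),
    ("carol@example.com", "T7#vQ9!rLm2x"),
    ("dave@example.com", "T7#vQ9!rLm2x"),
    ("erin@example.com", "password"),
]
SITE_KEY = b"constructed-demo-key"  # assumption: one key shared by every record
ITERATIONS = 600_000                # PBKDF2 work factor used for this demo

def deterministic_store(password: str) -> str:
    """Stand-in for unsalted, same-key protection: equal input, equal output."""
    return hmac.new(SITE_KEY, password.encode(), hashlib.sha256).hexdigest()

def salted_store(password: str) -> str:
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"

def verify_salted(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest.hex(), digest_hex)

def shared_value_groups(store) -> list:
    """Return groups of accounts whose stored values are identical."""
    groups = defaultdict(list)
    for email, password in ACCOUNTS:
        groups[store(password)].append(email)
    return [emails for emails in groups.values() if len(emails) > 1]

if __name__ == "__main__":
    # Deterministic storage: learning one account's password exposes its whole
    # group, so a strong password is only as safe as the weakest clue in it.
    print("deterministic:", shared_value_groups(deterministic_store))
    # Salted storage: no two records match, even for identical passwords.
    print("salted:       ", shared_value_groups(salted_store))
```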

A leaked password isn't the only potential danger resulting from a data breach. Many of the breached websites stored their users' email addresses in plaintext — unencrypted and perfectly readable.


If your email address is among those exposed, be extra wary of any unfamiliar or suspicious-looking emails in your inbox. Those messages may be part of a phishing attempt, which is when cybercriminals craft an email that looks legitimate or appealing in order to trick you into clicking a bad link or downloading a malware-infested attachment.

The data breaches at Adobe, Gawker, Yahoo, Stratfor and Sony are among the biggest of the past several years, but they're by no means the only ones. Hunt plans to add other publicly exposed data sets to Have I Been Pwned?, which would make the website more thorough.

"Clearly we haven't seen the last of the data breaches, of that there can be no doubt," wrote Hunt on his blog. "Now that I have a platform on which to build, I'll be able to rapidly integrate future breaches and make them quickly searchable by people who may have been impacted."

Email jscharr@techmedianetwork.com or follow her @JillScharr and Google+.  Follow us @TomsGuide, on Facebook and on Google+.

Copyright 2013 Toms Guides, a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.