The Latest in IT Security

Website Tells You If Your Password’s Been Leaked

10
Dec
2013

Is your personal information among the data from millions of Adobe, Yahoo and Gawker accounts compromised in the past few years? Now theres an easy way to find out if your information is safe. Have I Been Pwned, a website created by software designer Troy Hunt, aggregates the data of more than 154 million accounts stolen in data breaches at Adobe, Stratfor, Gawker, Yahoo and Sony since 2010, and lets you search for your email address among all of them. The site doesnt incorporate the 2 million stolen Facebook, Yahoo, Google and Twitter accounts revealed earlier this week, but it may add those soon. MORE: 7 Ways to Lock Down Your Online Privacy Hunt was able to collect all this information into one site because after each of these five breaches, the culprits posted the stolen information online. If Have I Been Pwned tells you your email address is among these five sets of data, the first thing youll need to do is change the passwords on those accounts. If you used the compromised password anywhere else, you can assume that the hackers — and anyone else who took a look at the publicly leaked data — has access to those other accounts and anything associated with them. In most cases, having a strong password — 10 or more characters, including numbers, symbols and capital letters — goes a long way toward keeping an account safe. But if hackers can get access to an unencrypted database of passwords, then even the strongest password is no safer than abysmal but common passwords such as 123456 or  password. In Adobes case, users with a stronger password were a little better off because the data was protected with rudimentary encryption. However, cracking the weaker passwords in Adobes database may have helped the hackers break the encryption on the stronger passwords, which means anyone whose account was leaked in the Adobe breach is potentially at risk. A leaked password isnt the only potential danger resulting from a data breach. Many of the breached websites stored their users email addresses in plaintext — unencrypted and perfectly readable. MORE: Top 10 Apps for Remembering Your Passwords If your email address is among the exposed, be extra wary of any unfamiliar or suspicious-looking emails in your inbox. Those messages may be part of a phishing attempt, which is when cybercriminals craft an email that looks legitimate or appealing in order to trick you into clicking a bad link or downloading a malware-infested attachment. The data breaches at Adobe, Gawker, Yahoo, Stratfor and Sony are among the biggest of the past several years, but theyre by no means the only ones. Hunt plans to add other publicly exposed data sets to Have I Been Pwned?, which would make the website more thorough. Clearly we havent seen the last of the data breaches, of that there can be no doubt, wrote Hunt on his blog. Now that I have a platform on which to build, Ill be able to rapidly integrate future breaches and make them quickly searchable by people who may have been impacted. Email [email protected] or follow her @JillScharr and Google+ .  Follow us @TomsGuide , on Facebook and on Google+ . 13 Security and Privacy Tips for the Truly Paranoid Encryption: What it Is and How it Works for You 12 More Things You Didnt Know Could Be Hacked Copyright 2013 Toms Guides , a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Tags:  
Comments are closed.

Categories

WEDNESDAY, NOVEMBER 13, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments