How To Know If Your Email Has Been Pwned?

According to the Breach Level Index, over 4 million records are lost or stolen every day. Therefore, it is not a surprise potential victims of data breaches are looking for ways to check whether their emails, passwords, or other sensitive information has been pwned. The problem is while you might see reports about breaches that happened the companies who fail to protect the data not always provide the means to check whose information was taken. In fact, some of them hide these incidents ever happened till the very last minute. This is why a need for a way to check the stolen data and see if one's is among it has occurred. Fortunately, one person made it possible by creating an online tool called Have I been pwned. An email address is no doubt one of the pieces of information that are always at risk of being compromised as we usually have to reveal it while registering on various web pages, which is why the mentioned tool focuses on email addresses. Further, in the text, we will talk about how it works and what to do if the user finds his sensitive data among the list of pwned information.

What does pwn mean?

For some of you, the term pwn might be unfamiliar, which is why we would like to explain it in more detail. According to the Oxford Dictionaries, the word pwn was a result of someone mistyping the word own while typing with a keyboard. Apparently, it became popular among computer game players who used it to express their victory against other players as the word stands for “utterly defeat.” However, later on, the slang word was taken by a programming and hacking culture better known as the script kiddie, or skiddie in short as members of it began to use pwn as a synonym for compromising or taking control over another computer, application, etc. Soon enough it was used to describe compromised passwords, email addresses, virtual security, and so on.

How to use the Have I been pawned tool?

Have I been pwned was create by Troy Hunt, a Microsoft Regional Director and an international speaker on web security matters. In the website's introduction, he explains the tool was designed “as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach.” By visiting the site users can read more about this project as well as enter their passwords or email addresses to check whether they were exposed during some data breach. There is even an email subscription service that notifies those who sign for it if their account gets ever compromised in the future.

Some of you may wonder where does the site get the stolen information from? It would seem the lists of pwned sensitive data might come from poorly protected servers belonging to the cybercriminals responsible for the particular data breach. For example, in August 2017 a breach called Onliner Spambot occurred during which 711 million unique email addresses were compromised and later the list of them was located on an unprotected server. It is essential to explain, the pwned passwords and email addresses were uploaded to the Have I been pwned website separately, which means it would be impossible to group the two pieces of information together. To check if your sensitive data was compromised, you need to enter it in a specific search box: the one for email addresses is located on the tool's homepage, and the password search is available if you pick the Passwords tab from the website's menu. For instance, entering “mail@gmail.com” into the email search box showed a message saying it has been pwned on 88 breached web pages.

What to do if your email has been pwned?

In case your email has been pwned security specialists recommend changing the account's password and enabling the Two-factor authentication for it. Such actions may prevent cybercriminals from hacking into the account. Nonetheless, even if they cannot steal your account, the hackers could still use the address to send spam, phishing emails, and so on. Thus, for those who know their email addresses were seen in data breaches are advised to pay close attention to what they find in their inbox. Phishing scam emails can impersonate a legitimate company by forging the sender's credentials. Therefore, if you know your email address has been pwned, you should be extra cautious with letters claiming you need to provide your login information or other sensitive data to protect your accounts from hackers.

How to create strong passwords and protect your accounts?

While it may not be in your power to protect your email from being pwned during a data breach, there is something you can do to strengthen the account's security so the hackers would be unable to get their hands on it. For quite some time now users are being advised to pick unique random passwords from at least eight characters because this way the intruder might find it difficult to guess the password if it had nothing to do with the user's name, location, birthdate, etc. Plus, the more characters you use while creating a password, the more possible variants there are, and cybercriminals might have a hard time while trying to figure it out.

The downside of using a random password is it might take a couple of days of not logging into the email, and the password could be forgotten. To avoid such situations, computer security specialists recommend employing a password manager. If you are thinking about trying such software, Cyclonis Password Manager is a great tool. Not only it lets users generate strong random passwords and log in automatically, but also allows to analyze saved passwords to ensure they are strong enough. Plus, all passwords are stored in an encrypted vault and can be seen only after providing a master password.