The number of hacked websites and applications is rapidly increasing these days. In the event of a data breach, user data is exposed and can end up on the internet. Your personal information, along with that of millions of other users, could already be accessible on the internet without your knowledge. But how do you know if your data is exposed on the internet? Use the free online search engine ‘Have I Been Pwned’ to check if your e-mail address and password have been compromised. This is a good first step to take, but it is important to know what to do next to protect your privacy. We will briefly explain how Have I Been Pwned works, and what you can do to protect your data.
What is Have I Been Pwned (HIBP)?
Troy Hunt is the founder of the Have I Been Pwned website. The idea was to create a free database for anyone who would like to quickly check whether their data has been exposed due to a data breach. When a popular app or platform is hacked, chances are that your data has also become public. Data such as usernames, passwords, telephone numbers, e-mail addresses and addresses are then exposed and are often sold on the black market. Hunt made the free website as simple as possible so that it was easy to access and understand. All costs of building and maintaining the service came out of his own pocket.
What data does the Have I Been Pwned database contain?
For some time, the login details of hacked platforms have been floating around the internet. For years, hackers have been targeting websites and applications. They attempt to acquire personal information with the intent of reselling it or using it for criminal purposes. Troy Hunt often performed post-breach user account analysis. Over and over, he kept seeing the same accounts with their data exposed. Many users tend to use the same passwords, making them an ideal target for hackers.
Major data breach at Dropbox (2012)
Dropbox’s 2012 data breach is an example of a big data breach. It was one of the biggest data breaches, impacting over 68 million users, and was only made public in 2016. The hackers obtained access to Dropbox’s networks in 2012 through an employee’s password. The employee used the same password on LinkedIn, and it was exposed when the LinkedIn network site was also hacked (RTL Nieuws, 2017).
Recent data breach at Facebook (2021)
Earlier this year, a file with the personal information of millions of Facebook users leaked online. The file contains details such as the name, address, and phone number of over 533 million users. Fortunately, there are no visible passwords. The data breach consists of information that was already collected in 2019. In that year, a database full of phone numbers of Facebook users was discovered by the website TechCrunch (RTL Nieuws, 2021).
Have I Been Pwned keeps all data private
The Have I Been Pwned database is set up so that a username, e-mail address, or phone number is enough to see whether the password has been exposed. This database only collects the e-mail addresses and phone numbers of people whose login details have been floating around the internet for quite some time. HIBP does not make passwords public, nor does it store them.
How do you check whether your data is exposed?
Simply go to haveibeenpwned.com and enter your email or phone number. Then click “Pwned?” If you’re lucky, you have not yet been pwned, and therefore your data has not been leaked in any of the data breaches covered by this website. If you have been pwned, the site will show a list of all websites or apps that have had a data breach in which your data was compromised. There are currently over 11 billion accounts whose data has been compromised. Here is a list of all the platforms and applications that have been hacked.
Check whether your data is exposed in the latest Facebook data breach
Check the Facebook leak checker at https://jstsch.com/facebook to see if your phone number is in the leaked data. If your name appears in the leaked database, you do not need to change your password immediately because your password has not been compromised. It’s especially important to keep an eye out for suspicious messages asking if you can transfer money via WhatsApp or SMS. The senders often pose as someone close to you in order to obtain money. Give that person a call to double-check.
What to do if your personal information is on Have I Been Pwned?
Change your password immediately if the data breach leaked your password. This applies to all apps and platforms where you use this password. Even if you have an account with an app or platform that has not been the victim of a data breach, it is a significant risk to keep the same password. Never use the same password on multiple websites because hackers can immediately access everything if they have your password. In the best scenario, you always use a completely unique password to log in to a website.
TIP: When creating a strong password, use a combination of uppercase and lowercase letters, numbers, and symbols.
Of course, remembering all your unique passwords is difficult. That is why it is beneficial to use a tool that securely stores all your complicated passwords. This way, you will never have to remember a complex password or use the same passwords. Dashlane, for example, is a free password manager that securely stores and encrypts all your passwords.