Data breaches are alarmingly common, and companies tend not to be much in the way of help when your information is on the line. Luckily, a website called “Have I Been Pwned” has your best interests at heart and all you need is your email address.
In the wake of massive breaches such as the one which affected literally billions of Yahoo accounts, we’ve seen countless cases of data breaches being announced weeks, months, and even years after the fact. Minutes matter when dealing with breaches, and while using “Have I Been Pwned” doesn’t offer an immediate solution if your account has been compromised, it’s a handy tool if you’re looking for empirical proof of hacking (seemingly inspired by PwnedList which was acquired years ago).
Determining whether you’ve been hacked is a straightforward process – on the Have I Been Pwned website, enter the email address for the account about which you’re concerned. The site will analyze the available data and then generate a report for your account. If your account isn’t safe, you’ll receive a warning message.
Unfortunately, that’s as far as the service goes — aside from encouraging you to install a prophylactic password manager (or maybe getting paid for you to do so), “Have I Been Pwned” doesn’t offer solutions for compromised accounts.
As you might imagine, installing a password manager isn’t helpful if you’ve already been hacked. What you CAN do in the event of a red flag is change your password and alert as many contacts as possible; if you aren’t able to access your account, you should freeze any connected payment options, report the hack to the service’s support center, and change any connected accounts’ passwords.
The “Who’s been pwned” tab at the top of the site also has some useful information if you’re looking for a general list of data breaches over the years. Many people forget about unattended accounts created for services they never used; since the overwhelming majority of Americans also reuse passwords, checking this list for accounts you might have used can give you some much-needed incentive to change your password for any related accounts.
If there’s anything one can take away from the sheer volume of sites on the “Have I Been Pwned” breach list, it’s that your passwords are often the only thing standing between you and profound sadness. Use strong, unique passwords for your accounts, and check your email address frequently — or run the risk of getting pwned.