Not a month passes without new headlines about some popular web service suffering some kind of cyberattack. In the last few weeks alone we’ve seen stories of serious security breaches of Opera browser’s file-syncing service, millions of DropBox accounts, and, most recently, Yahoo’s email service. All this means now might be a good time to check if any of your email accounts have been affected by these incidents. Luckily, this is super easy with the app Have I been pwned?
The app is based on the database used by the webapp of the same name, which searches all email accounts affected by the successive data leaks of recent years that have been distributed throughout the Deep Web. The trade in stolen login details by hackers is hopping, and in many cases the hackers themselves openly offer stolen content (or email addresses, at least) to prove they’ve actually carried out a hack.
If you enter your email address you can view a list of the sites you’ve registered on with that account and that have seen some sort of data theft. Don’t freak out if you get eight possible security holes, as practically everybody has been exposed at one point or another by using a big-name site like LinkedIn, Adobe, Dropbox, Tumblr, or Yahoo.
Do you use the same email address and password in lots of places? BE CAREFUL
What you should keep in mind is that it’s not for simply having registered on a site that’s been hacked that you might be in trouble. In most cases the owners of the affected site inform their users of any breaches and require them to change their passwords upon their next login. Likewise, when millions of account details get stolen at once, it might well be the case that no one tries to access yours straightaway. This means if you change your details in time, there’s no harm done. That said, the real problem lies in the fact that you use the same address and password on other web services you’ve practically forgotten about. So be careful.
A good way to cover your back is to search for all the places you’ve used the compromised email account and change your password on all of them. As trying to locate all those sites from memory is pretty crazy-making, a good method might be to search your inbox for words like register or login. Almost all sites send a confirmation email when you create a new account, so this trick might be a good place to start. Here we’d usually recommend services like LastPass that unify and manage all your passwords, but not even those have proved immune to hacking problems.