This Site Knows If Your Online Accounts Have Been Hacked

Original Source: http://www.hongkiat.com/blog/have-i-been-pwned/

Over the years, many websites and services have been hacked by groups of black hat hackers. Stemming from these hacks are lists containing compromised emails and their accompanying passwords, all of which are frequently used by these groups as bargaining chips to extort their victims for money.

Due to the amount of data that is stolen from these hacks, it could be a tedious affair to sift through the information to find out if your email and password could be compromised.

To make this process easier, Microsoft Regional Director and MVP for Developer Security Troy Hunt has used his own spare time to develop a website called “Have I Been Pwned?” that can help users find out if their login credentials are at risk.

The way this website work is relatively straightforward: the user inputs either their email address and password into the provided dialog box and click on the “pwned?” button. After a few seconds, the website would spit out information regarding the safety of their login credentials.

If the login credentials in question are safe, the website would display a green label that informs the user that their login credentials do not appear in the database, making them safe as of the time of checking.

green labelgreen label

However, if the login credentials were to appear in the database of known hacks and passwords, the website would throw up a red-colored warning that informs the user that their credentials may be compromised.

In the event that the user is looking up their email address or usernames, the website would also highlight the hacks that may have compromised their credentials.

you've been pwnedyou've been pwned

The information that is used to create Have I Been Pwned? has been sourced from lists from Anti Public data dump and Exploit.in. As such, the website has a certain degree of accuracy when it comes to identifying whether or not a password has been compromised.

While the list is reliable, Hunt has mentioned that the website is by no means perfect, and that users should still be vigilant about their account’s security.

Most importantly of all, Hunt explicitly reminds those who are looking to use the website to never input a password that they are currently using for their accounts. While the website does not log passwords, Hunt believes that inputting a password into any random third-party service isn’t exactly a wise move.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *