
Have I Been Pwned? Check if your email has been compromised in a data breach

Have I Been Pwned is a website/service that allows you to check to see if your email address (or other info) can be found within the database(s) of various sites that have had data breaches over the years. It was mentioned earlier on this site in this thread.

But consider this a friendly reminder/suggestion to occasionally check and see which sites have mishandled your data.

Two out of three emails 'breached' -- but all ones I had heard about already.

I was freaked out lately by a spam email (of a threatening legal "you haven't paid this bill" nature) that had my name, address, and *unlisted* telephone number. Was able to trace it back to a previous 'harmless' spam email, but I was not able to find out how they got my details. They wrote my name incorrectly (was spelled correctly) and wrote the telephone number in a slightly unusual manner. Have yet to follow up on it (not sure yet what I can do, but don't suspect I will have much success anyways).

"[email protected]"

Oh no — pwned!
Pwned on 5 breached sites and found no pastes (subscribe to search sensitive breaches)

A "breach" is an incident where data has been unintentionally exposed to the public.

--- End quote ---
Breaches you were pwned in

Adobe: In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, encrypted password and a password hint in plain text. The password cryptography was poorly done and many were quickly resolved back to plain text. The unencrypted hints also disclosed much about the passwords adding further to the risk that hundreds of millions of Adobe customers already faced.

Compromised data: Email addresses, Password hints, Passwords, Usernames

Dropbox: In mid-2012, Dropbox suffered a data breach which exposed the stored credentials of tens of millions of their customers. In August 2016, they forced password resets for customers they believed may be at risk. A large volume of data totalling over 68 million records was subsequently traded online and included email addresses and salted hashes of passwords (half of them SHA1, half of them bcrypt).

Compromised data: Email addresses, Passwords

Exploit.In (unverified): In late 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Exploit.In". The list contained 593 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for "credential stuffing", that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read Password reuse, credential stuffing and another billion records in Have I been pwned.

Compromised data: Email addresses, Passwords

MajorGeeks: In November 2015, almost 270k accounts from the MajorGeeks support forum were breached. The accounts were being actively sold and traded online and included email addresses, salted password hashes and IP addresses.

Compromised data: Email addresses, IP addresses, Passwords, Usernames

Malwarebytes: In November 2014, the Malwarebytes forum was hacked and 111k member records were exposed. The IP.Board forum included email and IP addresses, birth dates and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity
--- End quote ---

Yeah... I've had a number of accounts pwned over the years. Ever since the Gawker hack I've been pretty consistent about always making a new forwarder address for every site/service I sign up for. So if I start getting spam I can just delete that forwarder address and move on with my life (or create a new one to replace it if I still need to use that service). But there have been a time or two where I was careless and used my "main" email address, or accounts created long ago that were long forgotten which have since been pwned, and now I get spam to my normal email address fairly regularly. :(

You'd think I'd have learned my lesson, but just last year I carelessly gave out the main address to a new account I'd created to rid myself of the spam (for some reason it didn't occur to me that I could use forwarders with that account) and just a month or so later the site I'd signed up for was breached.  >:(

Here are the latest results for me:

Breaches — 17 emails found
Pwned sites
Android Forums, Anti Public Combo List
Anti Public Combo List, Exploit.In
Anti Public Combo List, Gamigo
B2B USA Businesses
Nexus Mods
--- End quote ---

Just checked mine again:

Good news — no pwnage found!
No breached accounts and no pastes (subscribe to search sensitive breaches)

--- End quote ---


The e-mail I use for job searches and official stuff was pwned by LinkedIn  :mad:

