News of site hacks and stolen passwords is becoming almost routine, barely a week goes by when we don’t hear of yet another break in. With major players such as Yahoo, Sony, Adobe, Facebook, and Google involved, it is definitely a concern.
Fortunately, many hackers appear to enjoy publicizing their feats, often publishing details of hacked databases and stolen passwords. Why fortunate? Because an Aussie software architect and Microsoft MVP has taken advantage of these hackers’ predilection for gloating to assemble all this available data into a single searchable database.
Now that I have a platform on which to build I’ll be able to rapidly integrate future breaches and make them quickly searchable by people who may have been impacted. It’s a bit of an unfair game at the moment – attackers and others wishing to use data breaches for malicious purposes can very quickly obtain and analyse the data but your average consumer has no feasible way of pulling gigabytes of gzipped accounts from a torrent and discovering whether they’ve been compromised or not.
To check and see if your details appear on any of those lists, just head on over to the Have I been pwned website and type in your email address. If that email address is included in the database of assembled lists you will be warned immediately and the account name identified.
If it happens that your details have indeed been compromised you’ll need to take remedial action, depending on whether you used a unique password or not. If you did use a unique password, logon to the affected account and change your password as soon as possible. If not, and you have used the same password on multiple sites, you’ll need to change the password on all those sites as well.
You’ve heard it before but it’s worth re-iterating; you can alleviate much of the risk involved with these database hacking attacks by utilizing a different/unique password for each and every online account. If you’ve already utilized the same password for multiple accounts, we strongly suggest you remedy that situation asap.
I found one of my emails on this database,and have changed the password, however Is it possible to find out when the account was compromised? I have changed passwords on this email account frequently but they are not all unique to this email account, at various times I have used the same password for several websites due to the sheer amount of passwords I need to manage. I have changed all sites that I suspect I used these passwords on as a precaution but sis someone who maintains up to date virus guards, anti malware and firewall I am concerned about how this account was compromised.
This has nothing to do with your own local security Paub, it’s down to the site where the account details are stored. You can utilize the strongest possible security at your end but none of that will help if the site where you have an account is hacked and the crims gain access to that database.
Best practice is to use a different password for each separate account but it’s not always critical. We can generally divide sites/accounts into two basic categories, critical and non-critical. Examples of critical accounts would be PayPal and Banking… any account which could leave you vulnerable to damage, either financial or personal. Non-critical accounts are those where repercussions would be negligible, such as blogs, forums, etc. One can pretty much rate sites/accounts on a “what’s the worst that can happen” basis.
For example; if you share a password across several forums, blogs, or any non-critical sites, there is very little risk involved, provided you do not also use that same password for one of your more critical accounts. It’s when someone shares the same password across non-critical and critical accounts that the risk becomes much more severe, because the repercussions can be much more serious.
Cheers… Jim
Thanks Jim, yes that is what I have now done, unique passwords for criticals like bank etc and shared across non criticals. Many thanks for great useful articles.