Have i been pwned? What to do When it Happens

Have I been pwned? is the Robin Hood of data breaches. Have I been pwned is a website that sifts through mountains of stolen personal information from data breaches, then organizing everything so users can find out if they're one of the victims! 

All you have to do is go to their site, type in your email, and it’ll tell you everything the Internet knows about you:

undefined

We have a bittersweet appreciation for have I been pwned?. On the one hand, it's fantastic that victims have a way to discover if they've been pwned, but on the other hand, it saddens us that we need such a service!

Data breaches have increased significantly since 2019. With no signs of decreasing, companies must do everything they can to prevent data breaches. One of the best ways to protect yourself from data breaches is to simply change your password. But with so many passwords required day in and day out, people seldom do. 

With a password manager, you can frequently change your passwords and still remember them all.

Using a robust password manager like TeamPassword makes it easy to share credentials with team members while preventing attackers from accessing your company's digital assets.

‏‏‎ ‎

What is the site "have I been pwned?" - haveibeenpwned.com

have I been pwned? is a web service that collects and organizes personal information from data breaches. Users can enter their email or mobile number on the home page to find out if they're among the victims.

The service is free, but there is an option to donate to have I been pwned?—something we encourage people to do! have I been pwned? provides a valuable service that government agencies should have done a long time ago!

With the looming fear of extortion emails from the Ashley Madison breach in 2015, users flocked to have I been pwned?—resulting in a 57,000% increase in website traffic!

Security firms and government agencies encourage businesses and individuals to use the service to stay ahead of possible cyber attacks.

Today, have I been pwned? gets over 165,000 daily visitors, has an email list of over 3 million subscribers, and a database of almost 10 billion compromised accounts!

pwned? That's a Funny Name!

Pronounced poned (with a hard "p") pwned originates from the popular game Warcraft back in the early 2000s. The game's developers misspelled owned as pwned. 

Gaming enthusiasts and Internet message boards adopted the new term when speaking about "owning" someone. Hackers also use pwn as a slang term when breaching a network or device.

And thus, have I been pwned? was born!

Who is behind haveibeenpwned.com?

After a spate of high-profile data breaches, Australian security expert Troy Hunt founded “have I been pwned?” in December 2013. Troy says the Adobe breach of 2013 affecting 153 million accounts was the catalyst to start the service.

When Troy started in 2013, he indexed just five data breaches: Adobe Systems, Stratfor, Gawker, Yahoo! Voices, and Sony Pictures.

Today, have I been pwned? has 556 compromised websites affecting more than 11 billion accounts!

Troy and his team have created tools and systems to update the website as soon as they're made public. have I been pwned? also lists its recently added breaches and the largest data breaches—the current number one being Collection #1's 2019 breach affecting 773 million unique email accounts!

Troy also has a blog where he releases details about data breaches and discusses cybersecurity matters.

‏‏‎ ‎

How does the site "have I been pwned" Work?

Users have a few search options on have I been pwned?. On the home page, you can enter your email or mobile number to do a personalized search. 

Users can also perform a domain search, a helpful feature for companies to determine if they've been pwned.

You can also sign up to the have I been pwned? mailing list for instant updates to the latest breaches and notification if your email is ever compromised.

Collecting and Categorizing Data

Data breaches contain thousands or millions of records (billions of records in the most extreme cases!). Some records have personal information, while others are more mundane. It's not as simple as importing those records into a spreadsheet and searching for a specific user.

Records are not always easy to read. They often reference a user's account number or other non-personal identifiers. For example, if you see a record containing credit card details and a personal identifier, you have to search the database using that identifier to find the actual user.

Even if you find the user, you might need to search several folders to see all of their personal information.

Most people don't have the time or resources to sift through gigabytes of data, trying to find out if they're victims of a breach.

"It's a bit of an unfair game at the moment – attackers and others wishing to use data breaches for malicious purposes can very quickly obtain and analyse the data, but your average consumer has no feasible way of pulling gigabytes of gzipped accounts from a torrent and discovering whether they've been compromised or not." - Troy Hunt, have I been pwned? Founder,

have I been pwned? organizes all of that personal data into searchable databases so users can find their stolen data fast!

‏‏‎ ‎

What to do if You Have Been Pwned

So, what do you do if you find out you're a data breach victim?

The first thing you must do is change all of your passwords linked to that email address. You should be changing your passwords monthly for personal accounts, while businesses might want to consider changing passwords weekly.

Changing your passwords monthly or weekly can be challenging without a password manager. With TeamPassword, you can change account credentials and update them for all users with one click.

If the account has sensitive data, you might want to consider changing the email address too. That way, if you receive any correspondence to the compromised email, you can mark it as spam and delete it.

Lastly, be hyper-vigilant when it comes to emails containing links and attachments—not only if you're a victim of a data breach. Get into the habit of checking the sender's email address properly, even if it appears to come from a familiar source.

For example, if you get an email that someone has sent you a message in Slack, delete the email and open Slack separately. Do this for all accounts where you receive notifications: WordPress, flight bookings, social media, marketing/productivity tools, and other web/app accounts.

Attackers often send fake correspondence from seemingly legitimate sources to get you to click a link or open an attachment. Doing so will install malware, giving criminals remote access to your device where they can steal personal information and passwords!

‏‏‎ ‎

Protecting Your Passwords

Passwords are the keys to our digital assets and accounts. Just like you protect your home or office with locks and alarms, so too must you secure your online presence.

For individuals, securing credentials is relatively simple but still requires you to be "street smart."

But, for a company sharing credentials with multiple teams, clients, freelancers, and contractors, password management is significantly more challenging.

Companies that don't use a password manager to share credentials safely with coworkers are vulnerable to attack, particularly if team members use emails and spreadsheets for sharing.

Many companies also use weak passwords or the same passwords for multiple accounts, making it easy for attackers to guess the credentials! With so many free secure password generators available, this practice is simply inexcusable.

‏‏‎ ‎

The TeamPassword Solution for Small Businesses

Large organizations with massive cybersecurity budgets have access to sophisticated tools and systems to prevent breaches—and still fall victim to attacks!

For small businesses, most of these cybersecurity tools are simply too expensive!

TeamPassword is an affordable password management solution with robust security features and state-of-the-art encryption technology.

Safe & Easy Password Sharing

Instead of sharing raw login credentials, you provide access to team members through TeamPassword. Employees then use one of TeamPassword's browser extensions (Chrome, Firefox, and Safari) to log into accounts.

Create groups for your various accounts and provide access through TeamPassword only to those who need it. When someone no longer requires access, remove them with a single click.

Say Goodbye to Weak Passwords

With TeamPassword's built-in password generator, you never have to worry about weak passwords or reusing the same credentials for multiple accounts.

Instantly create robust passwords from 12-32 characters with lowercase, uppercase, symbols, and numbers. TeamPassword references your saved passwords to ensure you never reuse the same credentials.

If you need to change a password, you can generate a new password and update the new credentials for all users—while they continue to work without disruption or asking why they can't log in!

Prevent a TeamPassword Breach with Two-factor Authentication

Coworkers can secure their TeamPassword account with two-factor authentication (2FA). If an attacker manages to steal an employee's TeamPassword credentials, 2FA prevents criminals from accessing the account.

TeamPassword uses Google Authenticator for 2FA, available on all mobile devices, including iOS and Android.

Activity Logging & Notifications

Monitor your company's digital assets using TeamPassword's activity log. The activity log lets you see who has logged in and when, new members added to a group, password updates, and more.

You can also set up email notifications for instant alerts to all of TeamPassword's actions. Perfect for monitoring sensitive data and accounts.

‏‏‎ ‎

Sign up for Free Today

Don't let hackers pwn you or your company! 

Stay ahead of data breaches and secure your company's digital assets with TeamPassword. Sign up for a 14-day free trial and start sharing passwords securely with TeamPassword today!