Data breaches frequently occur on websites. They often happen when a hacker illegally obtains data from a system by exploiting the weaknesses of a site, leading to vast swathes of user data becoming publicly accessible.
Australian Microsoft Regional Director Troy Hunt created a website called ‘Have I Been Pwned.’ It’s a free, online source that allows people to check if their online accounts have been comprised in a data breach.
Although the site “didn’t take long to build originally”, Mr Hunt told The New Daily, the idea was initially sparked after hackers stole login information and credit card numbers from Adobe users in 2013.
He said that ‘Have I Been Pwned’ helps to “minimise the impact” of breaches.
How can I tell if a website is secure to handle my data?
Mr Hunt said ultimately “you have no idea” if a website is secure.
How can I check if my email has been comprised?
‘Have I Been Pwned’ allows you to quickly search to see if your email address has been a victim of any data breach.
- Go to www.haveibeenpwned.com in your web browser.
- Enter your email address and click ‘pwned?’
- This will show if any breaches have occurred.
- To be notified of any future compromises, click the ‘notify me’ button on the top, left hand side of the screen and enter in your email address.
How can I check if my password has been leaked?
As well as checking your email address, ‘Have I Been Pwned’ allows you to check for password leaks.
The site has a list of half a billion real world passwords that have been previously exposed in data breaches.
If your password has been exposed, it is unsuitable for ongoing use and you should change it immediately.
- Go to www.haveibeenpwned.com/Passwords in your web browser.
- Enter in a password you have used for a site and click ‘pwned?’
- This will show if that particular password has been leaked.
What can I do to ensure my details are not breached again?
Due to users having the same password for multiple sites, it is easy for one data breach to effect other accounts.
Mr Hunt suggests to have different passwords for each site you use. You can control this by using a password manager. He recommends using 1Password.
Password managers are browser plugins that encrypt and store passwords for different online accounts. They are all protected by a master password.
“They are very well engined to be exceptionally safe as they can be,” Mr Hunt said. “They eliminate the risks.”
Another way to protect your details being comprised is to use a Two Factor Authentication, known as 2FA.
2FA is an extra layer of security that requires a password, username and piece of information that only the user will know.
It helps lower the number of breaches and even identity theft as hacker needs more than just the username and password details.
Finally, signing out of each browser at the end of your session eliminates someone comprising your details if they have access to your computer.