Starkiller Posted January 17, 2019

For people who may not be aware, this is a handy site to see if your email address (or passwords you commonly use) has shown up in publicly available website security breaches. They just got a big data cache uploaded recently, so it might be worth a look.

https://haveibeenpwned.com/
Somedude Posted January 18, 2019

Not a good idea to give your info to this website.
Starkiller (Author) Posted January 18, 2019

3 hours ago, Somedude said:
> Not a good idea to give your info to this website.

You aren’t giving any info to them. They already have the info. You are just checking to see if your email address (or password) is in their database.
chef Posted January 18, 2019

21 hours ago, Starkiller said:
> For people who may not be aware, this is a handy site to see if your email address (or passwords you commonly use) has shown up in publicly available website security breaches. They just got a big data cache uploaded recently, so it might be worth a look. https://haveibeenpwned.com/

If you have an email listed as breached, you think it's enough to simply change password?
Starkiller (Author) Posted January 18, 2019

2 hours ago, chef said:
> If you have an email listed as breached, you think it's enough to simply change password?

Yes, though that may not even be necessary if you have already done it. Or it might not even have a password, it could just tell you that a marketing company got hacked and your email was on their list.

For example, I put in my email address and it tells me what services were involved and roughly what date. So it says Dropbox got hacked in mid-2012. Well I already changed that password so I don’t need to do anything, but that’s only because I remember they forced everyone to change passwords.
OzTitan Posted January 18, 2019 (edited)

This website is run by Troy Hunt - a very well known name in the tech security industry. It's trustworthy and highly regarded.

If you put your email in, it should tell you the exact breaches it was detected in, and spell out if it involved passwords, sometimes as specific as clear text or poorly hashed passwords (meaning the password is known). Any breach that uses bcrypt or basically just not clear/MD5/SHA passwords means your password is probably only known if it is a simple password, but it's still worth considering it to be known and to change it.

FWIW when you use the password search feature, you're not actually sending your password to them. What's happening is your clear text password is turned into a hash in your browser, and it sends the first 5 characters of this hash to their server, which returns a list of all known passwords that also have the same first 5 characters in their hash. Your browser then compares this list to your hashed password and reports if your full hashed password was found. So as far as the network and their server is concerned, it sees the first 5 characters of a 40 character password hash, which is useless to them and effectively keeps it private.

Edited January 18, 2019 by OzTitan
Denali Posted January 19, 2019

So I put in “[email protected]” and it says that it’s been breached 3 times and then it gave me instructions for how to download and use their app. LOL Scam.
OzTitan Posted January 19, 2019 (edited)

20 hours ago, Denali said:
> So I put in “[email protected]” and it says that it’s been breached 3 times and then it gave me instructions for how to download and use their app. LOL Scam.

No, it means that address was found in a breach. If you search for "[email protected]" you'll see it says no breach, so it isn't just saying everything is found.

Like I said, this is a well known resource and is based on valid data. It has become a bit more commercialized with links to 1password (which he earns commission on if sold) but Troy runs this on his own volition as a free service, and it has exploded in popularity in recent times so isn't cost-free to run.

Edited January 19, 2019 by OzTitan
Btowner Posted January 20, 2019

It's a legit site. Here's a good article from Gizmodo on the breaches and they vouch for Have I Been Pwned (HIBP). Maybe they should change the name of the web site for skeptical users.

https://gizmodo.com/mother-of-all-breaches-exposes-773-million-emails-21-m-1831833456
Denali Posted January 20, 2019

2 hours ago, OzTitan said:
> No, it means that address was found in a breach. If you search for "[email protected]" you'll see it says no breach, so it isn't just saying everything is found. Like I said, this is a well known resource and is based on valid data. It has become a bit more commercialized with links to 1password (which he earns commission on if sold) but Troy runs this on his own volition as a free service, and it has exploded in popularity in recent times so isn't cost-free to run.

So your point is that “[email protected]” was actually used by someone?
OzTitan Posted January 20, 2019

1 hour ago, Denali said:
> So your point is that “[email protected]” was actually used by someone?

If it comes back as being part of a breach then yes. It could be someone's real address, or it could have been used as a fake address to bypass a signin page or something - not every service requires you to verify your email.

For example "[email protected]" is in 198 breaches.
titanruss Posted January 20, 2019

And I’m sure they don’t save any of the emails that people type in to get searched ...
OzTitan Posted January 20, 2019

6 hours ago, titanruss said:
> And I’m sure they don’t save any of the emails that people type in to get searched ...

https://haveibeenpwned.com/Privacy

Can't say I've had spam as a result. Is spam even a problem anymore? gmail handles it well for me *shrug*. Haven't thought about spam for years.
titanruss Posted January 21, 2019

7 hours ago, OzTitan said:
> https://haveibeenpwned.com/Privacy Can't say I've had spam as a result. Is spam even a problem anymore? gmail handles it well for me *shrug*. Haven't thought about spam for years.

I still get it in gmail.
klaatu'sAngel'sUncle Posted January 21, 2019

Quote:
> Oh no! Looks like your passwords have been compromised. Sign up for 1Password and follow the steps below to fix your at risk passwords now. Try 1Password FREE for 30 days

It might not be a scam per se, but they just want you to buy their $60 a year service. A small price to pay for peace of mind! But really, if you've changed your password since the breach occurred then you're not compromised.