Has your information been compromised

Have you ever wondered if your account information or password has ever been exposed in a data breach?

Have I Been PWNED? (HIBP) is a free resource developed by a Microsoft researcher for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or “pwned” in a data breach. If you enter your email address or password into HIBP, it confidentially checks to see if your credentials appear in public data stores used by hackers and other cybercriminals.

To check if your email account or password was revealed in a data breach visit the webpages below: 

Email account:  https://haveibeenpwned.com/

Password: https://haveibeenpwned.com/Passwords

What does pwned mean?

Pwned is a slang term derived from the verb own, meaning to appropriate or to conquer to gain ownership.

How do I know the site isn’t just harvesting searched email addresses?

The site is a free service used throughout the security industry for people to determine if their email address or password has been put onto public or dark web credential bulletin boards as a result of a breach. If you used a particular email address and password on a site that has been breached, it’s likely that the address or password will show up on HaveIBeenPwned.

As with any website, if you’re concerned about the intent or security, don’t use it.

What do I do if HaveIBeenPwned finds a match?
If your email address shows as a match, consider the email account: if it’s firstname_lastname@fitnyc.edu, or firstinitial.lastname@gmail.com,  there are lots of ways people can find or guess those addresses. If the address is less obvious, consider changing it.

If your password shows up as a match, change it.  Note that if you used a weak password like “Password123”, the match might be related to you or millions of other people.  Still, you should change it, either because it’s been Pwned or because it’s too obvious. Each site has different password requirements, but two major guidelines are that longer passwords are better than short ones, and don’t include elements like your birthday that are easily guessable or available on social media.