Was my account hacked? Find Out With These Websites
Criminal hackers can repeatedly capture login information such as email addresses and passwords. These data are then sometimes put on the net. For other criminals, this information is extremely helpful because, unfortunately, many users still use the same passwords for different platforms. This was demonstrated, for example, by the massive password theft on Yahoo in 2013. Back then, security expert Troy Hunt compared the login data with those from a data leak at Sony in 2011. The result: 60 percent of those on Yahoo and Sony had an account, used the same password for both services.
Contents
Am I affected by the hack? These websites help answer the question
Have i been pwned?
This page shows you if your account is affected by the Adobe hack, for example. (Screenshot: Have i been pwned?)So users might want to think more about their passwords and of course, to easily determine if maybe even one of their own accounts has been hacked, Hunt has the website Have i been pwned? (HIBP). Here users enter their e-mail address, which is then compared with the addresses in the published lists. Afterwards, the website shows you which data peaks affected the address and which type of data was stolen. You can also search for passwords. Currently, the database has the login information of more than 5 million users.
It should be noted that services such as HIBP could at least theoretically be used to identify the actual e-mail addresses from the databases. Thus, a hacker could use the necessary computing power to decrypt a password more targeted. You should therefore keep your fingers off unknown services that offer a similar function as HIBP. However, Hunt is a respected security expert, and his service is now being used, for example, by Mozilla and the password manager 1Password to warn users when their login details have been compromised.
How to block your email address at Have i been pwned:
HIBP offers you the possibility to prevent queries to your e-mail address. You have to use this opt-out form. Then you can no longer search for your address via HIBP or API-connected services. But beware: Criminal hackers will not stop using stolen login details from you. The service only gives you no more information about which data leaks your address is affected.
Identity Leak Checker
An alternative to the US service HIBP is the Identity Leak Checker of the Hasso Plattner Institute. The private faculty belongs to the University of Potsdam and is funded by the nonprofit foundation of the eponymous SAP founder. At the moment, the database of the Identity Leak Checker is a bit more extensive than that of HIBP.
The Identity Leak Checker also requires you to provide your email address to let you know if your login details are affected by a data leak. In contrast to HIBP, the result of the query is not displayed on the website, but sent to you by e-mail. This is to ensure that only the actual owners of the addresses get information. In the mail you will then also learn which data are affected and you can see if besides password, for example, name, address, telephone number, bank details or other personal information was stolen from you.
Firefox Monitor
Firefox Monitor uses HIBP’s data repository. The results are therefore identical. Again, you can check by stating your e-mail address, whether your login information was stolen and published. You can also leave your e-mail address to be informed about future data leaks.
Since Mozilla and the HIBP operator Hunt realize that even specifying their own email address is a privacy problem in itself, it is not used directly for the query. Instead, the Firefox Monitor uses JavaScript to generate a hash value from the address, sending only the first six characters to the HIBP API. Then the API returns all records starting with the same value. Only in your browser are these then compared with the full hash value and you get the result presented.
