Today we are so trusting that we will happily hand over our personal details to companies such as LinkedIn and Facebook. We are generally cautioned when giving third parties access to our information through Facebook, but from a security standpoint this is not good enough. In this article we are going to talk about the site https://haveibeenpwned.com/ and cover what the website is and what you can do if your accounts on the internet have become compromised.
What is Have I Been Pwned?
The website https://haveibeenpwned.com is a third-party reporting service that gathers sensitive data leaked on the internet as the result of security breaches. Hackers usually share e-mails and passwords on pastebin websites as a way of showing off their skills, and anyone else can openly obtain a copy of the archive containing this information.
Generally speaking, information that might be made public after a breach, alongside e-mails, may include:
- First and last name
- Password or the encrypted password hash from the database
- Phone number
- Credit card details (last 4 digits or full card details depending on security policy)
What can you do if you have been pwned?
You should go to all the websites where you use that e-mail and password and immediately change the password to a new one that you have never used before. Next, you should go to the websites where you use a different password from the one on the compromised website and change those as well.
For good measure, you should also contact the companies about your compromised account, get the specific details of the breach from them, and ask what specific action they recommend.
How can I avoid being pwned?
Here are some quick tips that can reduce your risk of having multiple accounts compromised when one website is breached. Unfortunately, as a website user you don't have much say over which websites get hacked and which don't, so it's best practice to treat every website as equally likely to be compromised.
- Utilise multiple e-mail addresses for the websites that you use. For example, use a strictly personal e-mail address for your banking websites, MyGov and other secure websites, and use a different password for each site as well.
- Have spare e-mail addresses or forwarders that mask your identity on social media sites, blogs and gaming networks like Steam and Xbox.
But we have saved our best tip for last.
E-mail providers usually offer a generous number of e-mail forwarders, so you can create your e-mail address and then create forwarding addresses like email@example.com and firstname.lastname@example.org and have those addresses forward to the main e-mail address. This is a feature most e-mail hosting providers offer, but some providers like Gmail also allow you to add a + postfix to your e-mail address.
Your Gmail address is email@example.com, but you can use + to create forwarding addresses such as:
firstname.lastname@example.org, email@example.com or even something secret such as firstname.lastname@example.org. The possibilities are endless, and you could create an e-mail address for each site you use.
So in the event that one of your logins is compromised, it would be a lot harder for your other identities to be compromised.
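The per-site + address scheme described above, as an added example that is not part of the original article: it builds one address per site, optionally with a secret (keyed-hash) tag, and works out which site a leaked address was registered with. The address `jane.doe@example.com`, the site names, the key and the function names are all constructed for illustration, and the provider is assumed to support + addressing.

```python
import hashlib
import hmac


def site_alias(base: str, site: str, secret: bytes = b"") -> str:
    """Return `base` with a +tag for `site`.

    Without a secret the tag is the site name; with one it is a keyed hash,
    so the tag cannot be guessed from the site name alone.
    """
    local, _, domain = base.strip().lower().rpartition("@")
    if not local or not domain or "+" in local:
        raise ValueError("base must be a plain address without a + tag")
    site = site.strip().lower()
    if secret:
        tag = hmac.new(secret, site.encode(), hashlib.sha256).hexdigest()[:10]
    else:
        tag = "".join(c for c in site if c.isalnum())
    return f"{local}+{tag}@{domain}"


def split_alias(address: str):
    """Split an address into (base_address, tag); tag is None if absent."""
    local, _, domain = address.strip().lower().rpartition("@")
    name, plus, tag = local.partition("+")
    return f"{name}@{domain}", (tag if plus else None)


def attribute_leak(leaked: str, base: str, sites, secret: bytes = b""):
    """Return the site whose alias matches a leaked address, else None."""
    leaked_base, tag = split_alias(leaked)
    if tag is None or leaked_base != base.strip().lower():
        return None
    for site in sites:
        if split_alias(site_alias(base, site, secret))[1] == tag:
            return site
    return None


if __name__ == "__main__":
    BASE = "jane.doe@example.com"            # constructed sample address
    SITES = ["linkedin", "steam", "xbox"]    # constructed sample sites
    KEY = b"constructed-demo-key"            # keep a real key private
    for s in SITES:
        print(s, site_alias(BASE, s), site_alias(BASE, s, KEY))
    leaked = site_alias(BASE, "steam", KEY)  # pretend this showed up in a dump
    print("leaked by:", attribute_leak(leaked, BASE, SITES, KEY))
```

Because everything after the + can be stripped to recover the main address, the separate password per site recommended above still matters.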