How to See if Your Information Has Been Leaked as Part of a Data Breach

John Biglin, CEO | March 20, 2017

Over the years there have been countless data breaches that have included the theft of user account information. Many are well publicized in the media, however, a number are purposely or irresponsibly not disclosed to the public. Worse, many of the publicized, yet not disclosed, breaches simply go undetected for weeks, months – even years!

With all of these breaches, wouldn’t you like to know if your information definitively was leaked onto the internet? Well, now there is a way to do this.

Troy Hunt, a security researcher and award-winning “Microsoft Most Valuable Professional,” or MVP, has created a research project and website called www.HaveIBeenPwned.com (HIBP), a free service that aggregates the information from data breaches into a searchable database and helps you see if you’ve been impacted by malicious activity on the web.

You see, when data breaches occur that include names, email addresses, passwords, secret questions (and their answers), etc., the bad actors or hackers will often post their cache of stolen information on the Dark Web as “social proof” that their escapades were successful. He or she could also be using your personal information to cause more mayhem by providing it to other bad actors.

Hunt has developed a way to scour the internet’s nooks and crannies to find “chunks” of data from these breaches. Most of the time, he is able to find smaller batches of data from multiple locations, but there are also times he is able to access a large data set, such as the information from the Ashley Madison breach. The media is quick to announce a breach, and sometimes they post where the data exists, but Hunt digs deeper and works to validate that the data is truly correct breach data.

How Do I Check whether or not my information was taken and posted publicly?
Simple – visit www.HaveIBeenPwned.com and enter your email address and click the “pwned?” button. Be sure to try all of your email addresses – the results may surprise you.

The results include whether or not your email address was part of the data captured in a known breach. Information about the breach is shared, including dates and details about the types of information besides your email address that was lost. In my case, as you can see, my professional email address and password were posted after a LinkedIn data breach:

When I entered my personal email account I discovered that my info was leaked from 3 different data breaches. Ugh!

Hunt does not claim to be able to check your email against all past data breaches, but it appears he has been able to build a very large database – over 2 Billion email address entries as I write this post. This information is undoubtedly useful for anyone who wants to know if their information is widely available on the web.

Staying Informed
Another fantastic feature of HIBP are notifications. When sign up, you will receive email alerts if you are included in a new data breach that is discovered or leaked. As an example, I recently received an alert from HIBP because my information was found in a massive data leak related to a major SPAM email organization (even the bad guys lose data sometimes). The only way I found out that my personal info was part of that leak was through the alert functionality that HIBP provides.

I highly recommend checking your email addresses on HIBP so that you can find out where your information has been leaked. You can’t remove your information from a leaked list, but at least you can change your password and other information associated with the account. Better yet, if possible, you can close the account and open a new one with different credentials.

Hopefully you found this information helpful and will consider forwarding it to colleagues, friends and family to help them protect their personal information as well.

If you want to know where your business stands relative to cyber risk, the experts at Interphase Systems would be happy to conduct a security vulnerability assessment and help you make your business systems and information more secure. Contact us today!

SMB Success Story: Jack’s Diving Locker

SMB Success Story: Jack’s Diving Locker

Did you know that technology is helping to protect and save our oceans? With #cloud security and communication tools, @JacksDiveLocker has exponentially increased their outreach and education efforts to keep our oceans healthy and thriving.

Want to see how the latest #security tools can help grow your business? Contact the Client Engagement team at Interphase Systems (ce@interphasesystems.com or 610-276-5500) to get started today!

Taking internal communication to the next level with Microsoft Teams

Taking internal communication to the next level with Microsoft Teams

Communication among team members and between different teams, especially when they’re in different locations, can be a huge challenge–but it doesn’t have to be an obstacle to collaboration and teamwork. Watch this video to discover why Red Lion Hotels (RLH) trusted Microsoft Teams to integrate all its corporate collaboration needs into one internal communications tool. Interphase Systems helps organizations of all types build and implement a collaboration strategy that leverages Microsoft Teams as the nexus for internal and external team collaboration. Contact our Client Engagement team today (ce@interphasesystems.com or 610-276-5500) to help your organization plan and implement its own collaboration strategy.

The Guts Of A Phishing Email

Are you ready to lose all your money, cancel all accounts, and probably experience a system failure? I’m sure you will never be ready for that, which is why it’s critical you recognize the anatomy of a phishing email to avoid becoming a victim. So here are several...