It’s a legitimate service that’s free, safe and simple to use
I typed my email address into the website and took a sharp breath. The page changed from blue to maroon. It took me a few moments to digest the words in front of me.
Ha. That can’t be good.
Turns out my personal details are circulating on the dark web.
Yours could be too.
If you’ve ever wondered if hackers have stolen your passwords, credit card number, or other personal details, there’s a legitimate online service that can help.
The site is trustworthy, simple, and free. It’s available for anyone to use.
What they stole
There in black and white, the website report listed five times hackers stole my personal data.
In October 2021, they stole my email address, name, partial credit card data, password, and phone number from an online booking system called Flexbooker. My details and 3.7 million other Flexbooker accounts were found to be actively traded on a popular hacking forum.
The same report said cybercriminals had also stolen my personal data from LinkedIn in 2021, Gravatar in 2020, Canva in 2019, and online fashion retailer SHEIN in 2018.
You may think this won’t happen to you, but cybercrime is real, and knowledge is power.
It’s time to find out if cybercriminals have your data.
Free help from a cybersecurity guy in Australia
Troy Hunt is a celebrity in cybersecurity circles.
He often talks to the media about online security and has appeared in global publications like TIME, The Washington Post, and the Wall Street Journal. In November 2017, Troy was even invited by the US Congress to testify about data breaches.
Lucky for us, Troy’s not only an industry expert; he’s big on community service.
He runs a site called Have I Been Pwned, which helps people like you and me (as well as big corporates and government agencies) determine if malicious activity on the web has impacted us.
What’s the deal with the site’s weird name?
“I can’t wait to pwn some n00bs in this game.”
Translation: I can’t wait to utterly dominate some newbies in this game.
We can’t have our Have I Been Pwned chat without talking about the website’s odd name. It puts non-technical folk off because it seems dubious.
It’s time for a brief lesson in internet slang history.
Pwnd (poned, pwn’d and pwn3d) is pronounced powned, as in owned with p at the front. Think owned but on the next level.
The term has deep roots in online gaming culture; perfect trash talk after a flashy kill in a first-person online shooting game. Pwned then spilled out from gamer communities into general internet culture from the early 2000s.
Now we get to the dual hacker meaning for pwned; to compromise or control another computer device, website or app.
Which is why we really do want to know — have we been pwned.
How to find out if your data is stolen
Let’s dive into the practical bit.
And if you’re not technical don’t panic. It’s easy.
Type your email address or phone number into the Have I Been Pwned search bar, and click pwned. The site will give you a report showing where your personal details were included in stolen or leaked data (neither is good.)
Knowing your data is circulating within the hacker community might make you feel sick, but you need to know about it.
Being informed lets us stay safer online.
What do hackers want your data anyway?
Cybercriminals don’t steal personal information for relaxation purposes; they’re usually motivated by money.
Stolen information can let hackers gain access to more of your accounts or steal your money via fraud, scams, and other creative means.
Data thieves are also generous sharers — if they don’t use the stolen data themselves, they might sell your information or disseminate it in hacker communities.
Don’t panic, though! There’s practical action we can take.
What to do next
If your data has been stolen, change your password on the impacted site and add two-factor (or multi-factor) authentication (if you haven’t already.)
As in, leave this article right now, make the changes and come back.
And if you’re a serial password recycler, you need to remember where else you’ve used that password and change it there too.
You can’t get your stolen information back, but you can protect yourself from further harm.
First published in Medium, 22 April 2022.