Table of Contents
You may lose your password due to weak security of online services
Using strong passwords is essential to the security of any online account. But even the best password is useless if an attacker simply knows it. Day after day, hackers try to both attack individual accounts, but also break into companies’ databases where usernames and passwords are stored.
Passwords are supposed to be signed, so even with a data leak, attackers should only have a nondescript Pelmel of characters, but unfortunately it often happens that passwords are also leaked in their original unencrypted form.
We might also think that since a service has already been breached, that it’s some small company. Unfortunately, this is not always the case. Hackers have successfully managed to crack the security of even the largest companies and get hundreds of millions of passwords or just parts of passwords, but they can still help the hackers. The passwords were either in their original form or encrypted using methods that are now relatively obsolete and therefore easier to crack.
Well, yes, but these data leaks happen every day. So how do you know if an account is at risk?
Take advantage of the Have I Been Pwned catalog
At haveibeenpwned.com you can find a database of leaked passwords, as well as read about the biggest scandals or even the latest successful hacker attacks on various services. You can also take a look at all the known attacks to see when and how many passwords were leaked, and you’re sure to find some services that you definitely wouldn’t expect to see on this list.
But more importantly, you can easily test to see if your login in the form of an email address is floating around in one of these leaked databases.
How to use Have I Been Pwned?
In the search box on haveibeenpwned.com, you enter the email address you use to log in to various services. Ideally, you will see that this email is not in any of the leaked databases. But if it is, you will also be able to see which events it happened on and where you have compromised or directly leaked passwords.
Also beware that if one service’s password has been leaked, all accounts that use the same or similar passwords are at risk. We therefore recommend changing passwords everywhere, or straightforwardly using a password manager like 1Password, where you will have a different strong password on each service.
You can also set up an alert to notify you when an email address has been found in a leaked database. You should expect that not all attacks are immediately disclosed. In some cases, information about a successful attack has been leaked years after the hackers stole the data.