Here’s How to Find Out if Your Online Passwords Have Been Stolen

Pwned photo

Unfortunately data breaches have become commonplace. Online thieves are constantly breaking into corporate and government servers and making off with millions—or even hundreds of millions!—of email addresses. In some case these thieves will also get other personal information like names, physical address, and passwords.

This may not seem like a big deal – who cares if someone reads the local newspaper under your name? But since many people reuse the same passwords across multiple sites, these thieves will take that password and test it against other sites, possibly getting into other sites of yours that are more personal.

Pwned LinkedIn breach

Password security hasn’t always been a big deal on the Internet, and many people reused passwords regularly in the past. Wouldn’t it be nice to know if any of your information was included in a data breach, so you’d know which passwords to change?

A free service called Have I Been Pwned does just this (“pwned” is hacker-speak for “owned” or “dominated by”—it rhymes with “owned”). Run by Troy Hunt, Have I Been Pwned gathers the email addresses associated with data breaches and lets you search to see if your address was stolen in any of the archived data breaches. Even better, you can subscribe to have the service notify you if your address shows up in any future breaches.

Pwned list
Needless to say, you’ll want to change your password on any site that has suffered a data breach, and if you reused that password on any other sites, give them new, unique passwords as well. If you use a different password for each site, even if one of your passwords was compromised, attackers can’t break into any of your other accounts.

I recommend you take some time to check for and update compromised, vulnerable, and weak passwords. Start with more important sites, and, as time permits, move on to accounts that don’t contain confidential information.