Have I Been Pwned

Anyone use this site, done a lot of reading into it and seems legit.
I wouldn’t enter my password on it though

It’s legit. And if subscribed to, it can help avoid serious trouble.

3 Likes

It is legitimate and is used by governments around the world.

The National Cyber Security Centre has ‘endorsed’ him
https://www.ncsc.gov.uk/blog-post/passwords-passwords-everywhere

1 Like

Used it for years. Regular emails when an account using my email is hacked

Use it regularly, in fact we rely on it to inform us of security breaches that we weren’t aware of.

1 Like

I’ve just checked my email address.

By far the most shocking discovery I made was that I had a MySpace account back in 2008. :scream:

3 Likes

It’s well known and legit. Created by expert Troy Hunt

1 Like

This blog by the same guy always makes me chuckle.

1 Like

I use it :raised_hand:

I have used it for many years. Would highly recommend.

Troy is a regional director for Microsoft (although MS are nothing to do with this site) and a really cool guy in the cyber-security space. I highly recommend signing up for alerts. There is no spam. Just 1 email should you be in a new breach!

They also have a feature that lets you see if your password is in a breach. It NEVER sends the full password to the server though so you can check your actual password!

It also has an API that other sites are using to check passwords at point of sign up. They are not allowing passwords that are in too many breaches. Epic Games and Co-op are 2 companies that have recently implemented this!

If you use Twitter, I recommend giving him a follow if you are into Cyber-security as he tweets quite a lot about it and it’s quite interesting (and shocking! :open_mouth:)

1 Like

Be careful. Your reference is missing an ‘e’: Pwned.

Fixed it for you :+1:

1 Like

Great site. A few months ago Troy Hunt released a file containing the top 100,000 breached passwords. I would recommend making sure none of your passwords exist in that file.

two of my passwords have been " pwned " but they are not linked to anything important, should I be worried ?

My email address hasn’t been pwned

No. But would it hurt you to change them?

To be fair the passwords I’ve used since 2005 so not suprised they’ve been " seen a few times "

I have loads of differen passwords for different sites so wouldn’t be able to remember which ones to change

Built into 1Password too so I get notified of anything on there. Great supporter of Have I Been Pwned.

If my email ever comes up as Pwned, what’s the best thing to do? Change password or just create a new email account ?

If it told you exactly where the breach was it would be helpful

It should say where the breach was, scroll down iirc it’s the part with a red background.

Just change the password of those sites

If it’s just a breach from a marketing list then there’s nothing you can do.

1 Like

I see it thanks.
Mine’s all clear but a few family members aren’t. They were aware something was up because the Netflix was hacked and since then they’ve used extra secure passwords.

The best thing surely is for important sites, use extra secure passwords and don’t re use them ?

2 Likes