Billions of stolen and leaked email addresses and passwords have been traded on hacker platforms over the years, and there’s a chance one of yours has been among them at some point or other.
Once hackers get hold of login data, they typically either use it to gain access or sell them. Either way, the user loses.
Victims of identity theft will often have to pay for orders placed in their name. However, the damage is by no means always only financial.
If hackers have had access to private data or photos stored on an online storage service, this can be extremely stressful, with a psychological effect similar to knowing a burglar has been in your home.
That’s why, to avoid being caught out, we all need to regularly check that none of our passwords are currently circulating the web.
Thankfully, this is easy, and you just need to query one of the several Internet security database that keep records on leaked and stolen data that has become available online.
Among the best known is haveibeenpwned.com, where you enter your email address or phone number to instantly find out if you’ve been “pawned” and where.
It doesn’t hurt to check several databases on a regular basis. After all, it may be that one security researcher has data records that the others do not have.
Mozilla’s leak query service Firefox Monitor also uses the “Pwned” database, and works almost identically, but differs in one practical detail.
You can also register on the Monitor page with an email address and will then be informed immediately if your own identity data should appear on the net.
Any passwords you save in the Chrome browser or password manager 1Password will also prompt an alert if they are found to have been shared online.
The Hasso Plattner Institute (HPI) in the German city of Potsdam also has a query option called Identity Leak Checker, where you can enter your email address.
A database comparison then checks whether the email address has been disclosed on the Internet in connection with other personal data such as telephone number, date of birth or address and could be misused.
If there is a hit with one of the services, you’ll need to…