Has Your Password Been Hacked in a Data Breach? Troy Hunt Can Help You Find Out

by M.J. Kelly
As more of our important personal information is stored online behind password-protected accounts, news about data breaches sends us scrambling to find out if our passwords were hacked. One of the best places to find out is Troy Hunt’s website, www.haveibeenpwned.com, where anyone can input their email address to learn if it has been compromised.
Hunt, an Australian information security expert, has spent thousands of hours studying data breaches to understand what happened and who was at risk.
“I kept finding the same accounts exposed over and over again, often with the same passwords, which then put the victims at further risk of their other accounts being compromised,” Hunt said.
He became concerned that everyday people were unaware of how big the problem was. In 2013 when an Adobe customer account breach put more than 150 million user names, email addresses, passwords and password hints at risk, Hunt launched his site. He runs it on a “shoestring budget” out of his own pocket, and his approach has been to keep it simple and keep it free.
Business, unfortunately, has never been better.
“Data breaches have increased dramatically since I started, both in terms of frequency of the incidents and the scale as well.”
He points to a handful of reasons. To start, people have more devices connected to the Internet every year, from phones to refrigerators to teddy bears. With more connected devices and more accounts created with them, more data is being collected.
“The cloud is another thing that has exacerbated the whole problem because as awesome as it is for many things, it also makes it very cheap to stand up services, so we’re seeing more services [with logins],” he said. “It’s also very cheap to store data, so we see organizations hoarding information. Companies like to have as much data as they can so they can market to people.”
We’re also entering the digital native era, a time when more people are online who have never known a time when it was different.
“Their propensity for sharing information and their sensitivity toward their personal privacy is all very different than it is for those of us who reached adulthood before we had the Internet,” he said.
All of this adds up to more information out there from a lot more sources. And not every company is doing a stellar job of protecting that information or destroying it when it’s no longer needed, which makes it vulnerable.
“The reason we have these headlines every day is because clearly we’re not taking security seriously enough,” Hunt said. “The really big stuff — like your Twitter and your Facebook — is very solid these days, and the vast volume of our Internet behavior is on sites that have done a very good job. The problem is when you get to middle or lower tier sites where you’ve got a lot less funding, and you don’t have dedicated security teams.”
“Pwned,” which rhymes with “owned,” is a slang term meaning your account has been utterly defeated, cracked and, yes, owned. Shortly after his site’s launch, Hunt added a feature where one can sign up to be notified if their email address gets pwned in future data leaks. In February 2017, he hit one million subscribers. When Hunt started, he poked around in forums, dark web sites and even public web sites to find leaked data. What he discovered was fascinating.
“There is this whole scene where people share data breaches,” he said. “It’s very often kids, young males, teenagers, who are hoarding data. They collect as much as they can, and they exchange it like they would baseball cards. Except unlike with baseball cards, when you exchange data, you still have the original as well.”
Sometimes data is also sold. When the LinkedIn data breach occurred, it was traded for five bitcoins or several thousand U.S. dollars at the time. Hunt says the data is not typically used to break into the account from which it was hacked. Rather it’s used in an attempt to break into other accounts, such as your bank or your email, which is often the best way to unlock an account. If you reuse passwords, you’re putting yourself at risk.
Today, people get in touch with Hunt when they come across a data breach.
“Fortunately I have a reliable trustworthy network that sends me information and makes it a lot easier to maintain the service. It would be very hard for me to go out and source all of this myself.”
Hunt takes great care when he learns of a data breach. His first step is to determine if it’s legitimate.
“A lot of the stuff out there is fake,” he said. “For example there’s a lot of news at the moment about Spotify accounts, and these Spotify accounts are just reused names and passwords from other places. They weren’t hacked out of Spotify.”
Once that box is checked, he reaches out to the company to alert them, which he says is a surprising challenge. Though he works hard to responsibly disclose the breaches to the companies affected, he has many stories of companies that ignore alerts that their customer data has been compromised. Finally, he loads the email accounts onto his site alongside those from MySpace, Xbox 360, Badoo, Adobe, Elance and many more.
Hunt also gives talks about information security to audiences around the world with the goal of getting more businesses and developers to approach projects with a defensive mentality. One of his sessions is a “Hack yourself first” workshop that shows developers how to break into their own work, giving them an opportunity to see offensive techniques first-hand.
“There’s like a lightbulb that goes off when people do get first-hand experience with that,” he said. “It’s enormously powerful as a way of learning.”

At Mozilla, we believe cybersecurity is a shared responsibility, and your actions help make the Internet a safer, healthier place.

Be smart about your logins

As an Internet citizen, there are a few fundamental things you can do to boost your account security online:
  1. Use unique passwords.
  2. Since it’s difficult to remember so many unique passwords, use a password manager.
  3. Use multi-step verification.
Check out Mozilla’s Guide to Safer Logins, which covers these tips in more depth.

Update your software

It’s all too easy to ignore software update alerts on your phone and computer, but your cybersecurity may depend on them. Updating to the latest security software, browser and operating system provides an important defense against viruses, malware and other online threats like the recent WannaCry ransomware attack.

Use Lean Data Practices

As a business or developer that handles data, you should always be working to create a more trusted relationship with your users around their data. Building trust with your users around their data doesn’t have to be complicated. But it does mean that you need to think about user privacy and security in every aspect of your product. Lean Data Practices are simple, and even come with a toolkit to make them easy to implement:
  1. Stay lean by focusing on data you need,
  2. Build in security appropriate to the data you have and
  3. Engage your users to help them understand how you use their data.
