Have I Been Pwned?

Dropbox recently reset user passwords on over 68 million user accounts that were compromised during a 2012 security breech.  The company had previously disclosed the breech, but was not aware of its severity until 68.8 million Dropbox user names and passwords surfaced on the Internet last week. (It is not unusual for hackers to wait four or five years before releasing stolen data into the wild).

A security breach at LinkedIn resulted in the theft of 164 million user names and passwords.  Adobe Systems, 152 million – the list goes on.  However, many breeches are not publicized.  Or worse, some companies don’t know they’ve been hacked.

There is a useful website to help determine if your credentials have been stolen called haveibeenpwned.com (pwned is cyber-slang for “hacked”).  Developed by Troy Hunt, a Microsoft employee and web security expert, HIBP is essentially a massive database currently comprised of 129 hacked sites encompassing over 1.3 billion user accounts.  Go to haveibeenpwned.com enter your email address and click “pwned?”  You can also subscribe (free) to have your email address automatically checked when future hacks occur.

The impetus for HIBP started 2013 while analyzing trends in data breaches, such as the common reuse of passwords. When data is stolen, hackers will typically sell the data via an obscure area of the Internet called the Dark Web.  Other rogues purchase the data knowing that most people including (insert your name here?) use the same password for multiple sites.  This is why using unique passwords for every site is crucial to your online security.  “If you signed up for Dropbox before mid-2012 and reused your password elsewhere, you should change it on those services,” the company said in a recent blog post.