Article Lead Image

How to find out if you’ve been hacked in under a minute

Now if we can only stop getting hacked.

 

Patrick Howell O'Neill

Crime

Posted on Sep 16, 2014   Updated on May 30, 2021, 2:10 pm CDT

Have you been hacked?

If it feels like the Internet is plagued by seemingly constant cybersecurity breaches, sometimes the best thing you can do is find out if your usernames and passwords are already owned by an enterprising criminal.

The search engine Have I been pwned? (HIBP) is one of your best free and easy bets to find out if your sensitive information is floating out in cyberspace for all to see. There are other worthwhile options but HIBP’s new real-time monitoring tool separates it from the pack. 

HIBP, which has provided easy access to stolen user credentials from newsworthy security breaches since last year, just introduced a major new feature that gives it access to about 175 million vulnerable accounts—a number that will keep growing rapidly—and alerts your within a minute to possible problems.

Now, with the new feature, scores of smaller breaches are documented and made easy for anyone to search.

Everyday, hackers leave tens of thousands of vulnerable accounts and passwords on free paste sites like Pastebin.com. It’s easy to find them: Here are two pastes from this morning totalling 245 emails and passwords.

“Often when online services are compromised, the first signs of it appear on ‘paste’ sites like Pastebin,” HIBP creator Troy Hunt explained on his site. “Attackers frequently publish either samples or complete dumps of compromised data on these services. Monitoring and reporting on the presence of email addresses on the likes of Pastebin can give impacted users a head start on mitigating the potential fallout from a breach.”

By partnering and integrating with Dump Monitor, a clever little bot that crawls the Web looking for stolen credentials, HIBP has exploded in size and usefulness. It takes less than a minute for new pastes with hacked accounts to show up on the site. HIBP also keeps the records even if a paste has been deleted, potentially alerting users to problems that hackers are trying to cover up.

Oops, I think that means I’ve been pwned a few times. C’est l’Internet.

“I’ve got 174,451,409 breached accounts in HIBP as of today which probably sounds like a lot,” Hunt wrote in a blog post, “but it’s not. Why is it not a lot? Because whilst that list spans a lot of the big breaches I could get my hands on, as of the middle of this year (now a couple of months ago already), there were over half a billion accounts breached in just six months … [I]t’s set us on a track that will make 2014 the most-hacked year to date by a fairly significant margin over last year, which was the previous most hacky year.”

To top it all off, HIBP’s easy email notification is a powerful tool with over 100,000 subscribers who can now be told quickly that their accounts may be at risk. That’s a powerful weapon. Now if only we could stop getting hacked in the first place.

Photo via Randy Pertiet (CC BY 2.0)

Share this article
*First Published: Sep 16, 2014, 6:41 pm CDT