HAVEIBEENPWNED.COM

By: Jack Bjelland

   Today’s culture values quick and constant communication online. We value speed and convenience over patience and security in a time where the internet is a lawless frontier and authority has little control. It may sound like a joke, but you are susceptible to cyber attack everywhere you go, and with everything you do both on and offline. Perhaps a hacker won’t focus on you specifically, but they do target websites the you visit daily, the sites where you save your personal information or have private conversations. You have no control over how websites are secured, and you aren’t able to do anything if the owners of said sites fail to protect your information. An easy way to prevent this would be having a different password for every site (which is easily done using a program like LastPass), but in reality most people won’t bother, and will cultivate themselves a security monoculture. Here in lies the real danger of being hacked; if one site fails to protect your password, you’ve essentially allowed a hacker to access all your other accounts as well.

   If something like this happened to you, it would be difficult to know if your information was at risk. Companies are often embarrassed when they get hacked, and in turn fail to notify customers if there has been a data breach. Even if they admit to being hacked, they may not tell consumers what kind of information is at risk. And some pretty big companies have been hacked; Sony, Yahoo, and Snapchat have all suffered from data breaches in the last 5 years. And the numbers are staggering–450 thousand Yahoo accounts, 4.6 million Snapchat accounts, 360 million MySpace accounts. How do you know if you were affected? If you had a Snapchat in 2014, you could be one of those 4.6 million people with a compromised account, so how can you be sure you are safe?

   Enter haveibeenpwned.com. A weird name, I know, but it is a website created for the sole purpose of searching usernames and emails across the vast lists of known breached accounts, and notifying you if that account has been compromised. Simply type in a username or email, and haveibeenpwned.com will tell you if an account under that name has been hacked, or “pwned.”  The site also provides a brief description of the breach; including what type of information was released and what website the account is under. Created by a Microsoft Regional Director, Troy Hunt, after a breach of 38 million Adobe accounts in 2013, the program is designed to be completely free and extremely fast. The website works by searching for what are called “pastes.”  Pastes are copy-pastes of account details (anything from usernames, emails, passwords, and any other information), usually on sites that have anonymity like Pastebin. Hunt’s website uses an automated system in the form of a Twitter bot to find these pastes, and to save a list of any usernames or emails that are found. When you type in your username on the site, it is cross-referenced across all of the known hacked usernames. When and if it finds a match, it will tell you that that account has been hacked and provide a brief description of the breach.

 This service is especially helpful for checking on your internet security and making sure that somebody doesn’t have access to your password. It’s also nice because it’s almost instantaneous and completely free. Having something fast and easy to use that helps you protect your information online is an excellent resource to have now and in the future. In fact, you can even sign up on the website to receive notifications about any future breaches that include your email. And the best part is that it only emails you if your account was compromised; that means no weekly newsletters! While this program probably probably won’t be one you use daily, it’s definitely nice to know about just in case. But just be sure to check; have you been pwned?