How to Use ‘Have I Been Pwned’ to Check Your Email Data Breach

Ensuring the Security of Your Email Account Made Simple

Verifying the integrity of your email account has never been easier, thanks to the straightforward process provided by Have I Been Pwned (HIBP). Follow these simple steps to confirm the status of your email address:

Step 1: Visit HIBP Website Navigate to the official HIBP website by clicking on the following link: https://haveibeenpwned.com/

Step 2: Enter Your Email Address Once on the HIBP homepage, input your email address into the designated search bar.

Step 3: Review the Results Examine the results to determine if your email account has been compromised in any past data breaches. The search outcome will provide you with valuable insights, including:

1. Brand/Service Provider Names: Identify the specific services or brands associated with the breached data.

2. Summary of the Data Breach Event: Gain an overview of the breach, including when it occurred and the nature of the incident.

3. Details of Compromised Data: Delve into the specifics of the compromised data, such as dates of birth, driver’s licenses, email addresses, names, phone numbers, physical addresses, social security numbers, and even vehicle details.

Armed with this information, you can take proactive measures to secure your online presence, safeguarding your sensitive data from potential misuse. The transparency provided by HIBP empowers you to stay informed and make informed decisions about the security of your digital identity.

Sample of Results of Email Data Breach 

No Data Breach Reported: In case that you don’t see any data breach with your email account, at least that is a good news for now.

Data Breach Reported: Carefully review all the findings and change the passwords of your breached account immediately

Audi: In August 2019, Audi USA suffered a data breach after a vendor left data unsecured and exposed on the internet. The data contained 2.7M unique email addresses along with names, phone numbers, physical addresses and vehicle information including VIN. In a disclosure statement from Audi, they also advised some customers had driver’s licenses, dates of birth, social security numbers and other personal information exposed.
Compromised data: Dates of birth, Driver’s licenses, Email addresses, Names, Phone numbers, Physical addresses, Social security numbers, Vehicle details

Data Enrichment Exposure From PDL Customer: In October 2019, security researchers Vinny Troia and Bob Diachenko identified an unprotected Elasticsearch server holding 1.2 billion records of personal data. The exposed data included an index indicating it was sourced from data enrichment company People Data Labs (PDL) and contained 622 million unique email addresses. The server was not owned by PDL and it’s believed a customer failed to properly secure the database. Exposed information included email addresses, phone numbers, social media profiles and job history data.
Compromised data: Email addresses, Employers, Geographic locations, Job titles, Names, Phone numbers, Social media profiles

LinkedIn: In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data.
Compromised data: Email addresses, Passwords

Shopper+: In March 2023, “Canada’s online shopping mall” Shopper+ disclosed a data breach discovered on a public hacking forum. The breach dated back to September 2020 and included 878k customer records with email and physical addresses, names, phone numbers and in some cases, genders and dates of birth.
Compromised data: Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses, Spoken languages

Unlocking Your Online Security with Have I Been Pwned

Developed by renowned Australian web security consultant Troy Hunt, Have I Been Pwned (HIBP) is a powerful tool that sifts through data from countless breaches and compromised accounts. This free service allows users to check if their email address or phone number has been implicated in any tracked data breaches, enabling them to promptly fortify their digital defenses.
Key Features:
1. Check for Compromised Information:
• Enter your email address, domain name or phone number to receive a comprehensive list of data breaches associated with your details.
• Discover details such as the date of each breach, the affected company, compromised data types, and the scale of the breach.

2. Stay Notified:
• Opt-in to receive email notifications whenever your personal information is identified in a new data breach.
• Take immediate action to secure your accounts by changing passwords and minimizing the risk of fraud or identity theft.

3. Control Your Privacy:
• Safeguard your privacy by opting out of public searches for your email address.
• Choose specific privacy settings through an email confirmation link, allowing you to tailor your preferences, including the removal of your email address from the system.

Security Tips from Troy Hunt, The Founder of HIBP

• Enable Multifactor Authentication:
• Enhance account security by enabling multifactor authentication
• Use a Password Manager
• Generate and store robust passwords with a password manager
• Leverage tools like 1Password, integrating Watchtower to identify compromised passwords.

Beyond the Site

You can consider installing browser extensions like Okta’s PassProtect for Chrome utilize HIBP data for your protection. Explore and review your online data-sharing practices; practice data minimization by questioning the necessity of providing certain information.

Conclusion

As cyber threats persist, Have I Been Pwned remains an indispensable ally in safeguarding your digital identity. Empower yourself with proactive measures, and remember: a secure online presence begins with informed choices.