Have you been pwned?

Posted on Updated on by David LeonardCategories:Blog, Internet, Security and Privacy

Has your email address (and, possibly, password) been caught up in a data breach?

Hunched Hoodie
A ne’er-do-well

If, like me, you have never heard of the word “pwned”, then I am pleased to elucidate by quoting Wikipaedia’s definition:

Pwn is a leetspeak slang term derived from the verb own, as meaning to appropriate or to conquer to gain ownership. The term implies domination or humiliation of a rival, used primarily in the Internet-based video game culture to taunt an opponent who has just been soundly defeated (e.g., “You just got pwned!”).

Yes, I know, “leetspeak” isn’t a proper word either. If you care enough, you can check it here – https://en.wikipedia.org/wiki/Leet.

The important point, though, is that the website https://haveibeenpwned.com/ performs a valuable (free) service in telling you if your email address has been involved in a data breach. You can even ask them to send you a free email advising you if it should happen in the future.

What do we mean by “…involved in a data breach” and why is it serious?

Suppose some ne’er-do-well hacks into a website and manages to steal a list of usernames and passwords of people who have registered with that site. That is a data breach.

Now let’s suppose that the website www.nasaltrimmers.com suffers such a breach. You hear about it on the 6 o’clock news and you think to yourself “hmm, didn’t I register with them last year when I had a sudden outbreak of nasal hair?” You might be tempted to shrug it off, thinking “how bad could it possibly be?”

Well, if you are one of the countless people who have ever used the same email address (as a username) and the same password on several different websites, then it could be very serious indeed.

Key
Would you want one single key to fit every lock you have?
Computer hackers do realise that there’s a huge number of people who only use one email address and that that email address is used as a username on countless websites. Moreover, they also know people re-use the same password. So, the danger doesn’t lie in them knowing that you bought the super, high-speed, high-power nasal trimmer. Rather, the danger lies in them trying that same combination of username and password on Amazon, LinkedIn, Facebook, Waitrose, Ocado…………

This is why you MUST NOT re-use passwords.

Have I Been Pwned?So, the website https://haveibeenpwned.com/ kindly lets you know whether any of the major data breaches in the past have exposed your email address and also lets you know – free – if you get caught up in any new data breaches. I strongly recommend that you take just a couple of minutes out of your life to visit the site, click on the “notify me” link at the top of the page, and risk being mildly irritated by having to prove that you are not a robot. After that, you can forget it. You just need to consider whether there’s any action you need to take if you get an email from them some time in the future telling you that somewhere you registered that email address has been hacked into.

Health Warning: I don’t think they claim to know about EVERY data breach. They are certainly not claiming that you’ve never been involved in a data breach if they don’t know about it. Nevertheless, it’s a simple, free way of improving your online security.

If you’re interested in seeing some of the biggest data breaches of the past, have a look at the bubble chart here.

(Last updated 08/09/2023)

David Leonard