- Joined
- Nov 26, 2020
- Messages
- 716
Are you sure that your account or password is secure? Have they ever been exposed to leaks or hacks?
To make sure of this, use special services. Perhaps your complex and unique password has already become public.
Have I been pwned?
One of the most well-known services for checking accounts for leaks is Have I Been Pwned. The site was created after one of the largest customer account leaks in history – in October 2013, the data of 153 million Adobe accounts was stolen. Have I been pwned is a reverse search engine that checks for the presence of your email or passwords in a huge database of hacked passwords. Just enter your email address or passwords, and the service will show whether your data was included in known leaks.
Firefox Monitor
In 2018, Mozilla launched its own Firefox Monitor service to check credentials for leaks. You can simply use a search in the database of hacked passwords or register to receive alerts when information about a new leak appears. Data privacy violations occur when personal information is disclosed, intercepted, or copied without your permission. Such security incidents can result from cyber attacks on sites, services, and applications that store user data.
DeHashed
DeHashed is a search service based on hacked and stolen personal data, which is designed for security experts, journalists, technology companies, as well as for ordinary users who want to protect their accounts and find out about leaks in a timely manner.
In DeHashed, you can search by IP addresses, email addresses, logins, phone numbers, VIN numbers, and home addresses. The service offers reverse search for passwords, hash sums, and other types of data.
GhostProject
GhostProject.fr – free search through a database of 1.4 million compromised credentials. The database is constantly updated and updated with new data. To protect yourself, the service recommends avoiding duplicate passwords and using only complex passwords for different accounts. If possible, you should use specialized applications such as KeePass and enable two-factor authentication.
Password Checkup от Google
In February 2019, Google released an extension called Password Checkup. It notified users that their credentials from a particular site were involved in hacking incidents or data leaks. Logins and passwords were checked against a database of 4 million known compromised credentials. In October, Google introduced the tool Checking passwords for Google accounts. Starting with Chrome 79, this functionality is built directly into the browser, which makes the extension irrelevant.
Now, when you log in to your account on the site, Chrome will send a SHA256-hashed copy of your credentials to Google. The data will be encrypted using a secret key (even Google won't be able to view your usernames and passwords). Google will use several layers of encryption using the Private Set Intersection (PSI) technique to compare your username and password with the compromised credentials, which in turn are stored in encrypted form. If your password or username was stolen, Chrome prompts you to change your password.
You can enable or disable this feature in the Chrome settings sectionPrivacy and security > Security> (chrome://settings/security) using the radio buttonReport if passwords were exposed as a result of a data leak.
BreachAlarm
BreachAlarm is one of the main competitors of Have I Been Pwned. The service allows you to check your email for leaks for free, and on a paid basis, you can enable automatic leak notification and additional services.
The price of $ 30 per year will be adequate for owners of commercial accounts, small businesses, or a large family. There are no restrictions on data verification for subscribers.
Sucuri Security Scanner
Sucuri Security Scanner uses its own approach – the service allows you to check entire sites for various vulnerabilities, blacklisting, and hacker attacks. It is an ideal tool for bloggers and online businesses. It is better to use it in conjunction with other sites that check accounts for leaks.
How these sites work
Services that search for hacked usernames and passwords usually process information from other sources that are used to exchange stolen information. These sources include Pastebin, specialized forums, darknet resources, and other popular sites among hackers. Verification services use this information for noble purposes – to warn the user about leaks and recommend that they change their username and password.
Unfortunately, there are several scam sites on the web that simply collect your email and passwords for future hacking attempts. By using an untested tool, you expose your data to additional risks, which can lead to even more serious data breaches.
For example, in may 2016, the PwnedList service ended its existence, which offered to check the presence of their data in a huge database of compromised data, which includes information about more than 866 million accounts. As it turned out, the service had serious vulnerabilities that allowed cybercriminals to monitor new leaks for any domain.
To make sure of this, use special services. Perhaps your complex and unique password has already become public.
Have I been pwned?
One of the most well-known services for checking accounts for leaks is Have I Been Pwned. The site was created after one of the largest customer account leaks in history – in October 2013, the data of 153 million Adobe accounts was stolen. Have I been pwned is a reverse search engine that checks for the presence of your email or passwords in a huge database of hacked passwords. Just enter your email address or passwords, and the service will show whether your data was included in known leaks.
Firefox Monitor
In 2018, Mozilla launched its own Firefox Monitor service to check credentials for leaks. You can simply use a search in the database of hacked passwords or register to receive alerts when information about a new leak appears. Data privacy violations occur when personal information is disclosed, intercepted, or copied without your permission. Such security incidents can result from cyber attacks on sites, services, and applications that store user data.
DeHashed
DeHashed is a search service based on hacked and stolen personal data, which is designed for security experts, journalists, technology companies, as well as for ordinary users who want to protect their accounts and find out about leaks in a timely manner.
In DeHashed, you can search by IP addresses, email addresses, logins, phone numbers, VIN numbers, and home addresses. The service offers reverse search for passwords, hash sums, and other types of data.
GhostProject
GhostProject.fr – free search through a database of 1.4 million compromised credentials. The database is constantly updated and updated with new data. To protect yourself, the service recommends avoiding duplicate passwords and using only complex passwords for different accounts. If possible, you should use specialized applications such as KeePass and enable two-factor authentication.
Password Checkup от Google
In February 2019, Google released an extension called Password Checkup. It notified users that their credentials from a particular site were involved in hacking incidents or data leaks. Logins and passwords were checked against a database of 4 million known compromised credentials. In October, Google introduced the tool Checking passwords for Google accounts. Starting with Chrome 79, this functionality is built directly into the browser, which makes the extension irrelevant.
Now, when you log in to your account on the site, Chrome will send a SHA256-hashed copy of your credentials to Google. The data will be encrypted using a secret key (even Google won't be able to view your usernames and passwords). Google will use several layers of encryption using the Private Set Intersection (PSI) technique to compare your username and password with the compromised credentials, which in turn are stored in encrypted form. If your password or username was stolen, Chrome prompts you to change your password.
You can enable or disable this feature in the Chrome settings sectionPrivacy and security > Security> (chrome://settings/security) using the radio buttonReport if passwords were exposed as a result of a data leak.
BreachAlarm
BreachAlarm is one of the main competitors of Have I Been Pwned. The service allows you to check your email for leaks for free, and on a paid basis, you can enable automatic leak notification and additional services.
The price of $ 30 per year will be adequate for owners of commercial accounts, small businesses, or a large family. There are no restrictions on data verification for subscribers.
Sucuri Security Scanner
Sucuri Security Scanner uses its own approach – the service allows you to check entire sites for various vulnerabilities, blacklisting, and hacker attacks. It is an ideal tool for bloggers and online businesses. It is better to use it in conjunction with other sites that check accounts for leaks.
How these sites work
Services that search for hacked usernames and passwords usually process information from other sources that are used to exchange stolen information. These sources include Pastebin, specialized forums, darknet resources, and other popular sites among hackers. Verification services use this information for noble purposes – to warn the user about leaks and recommend that they change their username and password.
Unfortunately, there are several scam sites on the web that simply collect your email and passwords for future hacking attempts. By using an untested tool, you expose your data to additional risks, which can lead to even more serious data breaches.
For example, in may 2016, the PwnedList service ended its existence, which offered to check the presence of their data in a huge database of compromised data, which includes information about more than 866 million accounts. As it turned out, the service had serious vulnerabilities that allowed cybercriminals to monitor new leaks for any domain.