We always wonder if our email id or passwords have been ever hacked or breached, but we don't know how to check whether we have been a victim of cybercrime ever.
A website called 'Have I Been Pwned' help users to find out if their email id and passwords have been ever hacked or faced any kind of breach or not. The website also reveals the number of times your password or email-id has been compromised.
Over the years, the website has released different versions of the database with an increase in the number of hacked accounts and passwords. In August 2017 version, they released a database of 320 million unsafe passwords. And within six month period, the number increased to 500 million. Now, they have released the third version on July 13, the database has 15.6 million passwords which have been involved in past data breaches.
The database of passwords released by the website is considered unsafe and non-reliable as they have once been used in past for data breaches and could be reused again. If your password appears on the list, change it as soon as possible.
According to the website, there is a different search feature for both pwned email-id and pwned password, "When email addresses from a data breach are loaded into the site, no corresponding passwords are loaded with them. Separately to the pwned address search feature, the Pwned Passwords service allows you to check if an individual password has previously been seen in a data breach. No password is stored next to any personally identifiable data (such as an email address) and every freely available password is SHA-1 hashed."
The entire database of insecure passwords is freely available for download on the website in two different links, one is “torrent” link and another one is “Cloudflare” link, both of them are stored in SHA-1 hash.
To check whether your email id has been pwned or not, just visit this website https://haveibeenpwned.com/ and type your email-id. The interesting fact lay underneath the search bar, it shows how many times your email id has been pwned on breached sites and number of pastes. It also lists the breaches you were pwned in and the year of breaches.
To check whether your password has been pwned or not, just visit this website https://haveibeenpwned.com/Passwords and type your password. Underneath the search bar, you will find out how many times your password has been used in data breaches. On this website also you can download the entire database of insecure passwords.
