As the majority of account providers use email for usernames, a compromised email can give hackers access to all of your accounts. This is especially true if you tend to use the same password for multiple accounts. Ideally, you should have a unique password for every account so if one account is compromised the rest are safe. You should also be using a password manager to make storage and generation of passwords easy and secure. However, being the realist that I am I know many of you are still using the same password across multiple accounts.
Have I Been Pwned to the rescue!! After Adobe was hacked in 2013 the website Have I Been Pwned was created. The website allows users to enter their email and find out if the associated credentials appear in for sale lists on the Dark Web. This handy little website also lets you sign up for notifications, informing you the minute they discover that your email credentials have been compromised.
Interestingly enough, many hackers don’t actually use the credentials they steal. Instead they sell them to other hackers who use them at their leisure. This practice gives users a chance to change their credentials before any damage is done. Have I Been Pwned was created with this in mind.
You may be thinking…why sign up for this service, won’t I be notified by the account provider when they have a data breach? Unfortunately, account providers haven’t always been the first ones to detect a data breach and they are sometimes reluctant to inform their users that a breach has occurred. For example, the Adobe breach was discovered by security journalists and not announced for two weeks while Yahoo delayed informing users of their breach for two years.
We strongly recommend that you check out www.haveibeenpwned.com and sign up for notifications. The sooner you are aware that your account has been compromised, the sooner you can take corrective action.