Email checker - see if your email has been compromised

By : Administrator
Published 20th December 2018 |
Read latest comment - 14th October 2019

Got this tip from forum member Andy (Pewter World), so thought I would share it here.

Troy Hunt, a security consultant and Microsoft Regional Director has set up this invaluable database that checks any security breaches to see if you're details are in there. It's a real eye opener, try it for yourself: https://haveibeenpwned.com

Here is the results of our info email address:

So in  a nutshell, the email / password combination we have used in the past has been compromised so we need to make sure nothing still uses the same combination, and to use random and complex passwords for each login.

That obviously creates its own problems, but there are a variety of password solutions online. Troy also offers one for $3 a month, which gives you complex passwords, keeps them secure in a digital vault, and scans to see if any of your account has been compromised. There are a multitude of other providers, so pick the one you prefer.

But this is a great visual demonstration of much data is routinely abused, hacked and manipulated, and how it affects you.

Even if you get a clean bill of health, it's a good reminder to take password security more seriously.

Names, dates and kids birthdays are the passwords of yesteryear. Your password should now look like this:
njwTC8oA,QgB]ZL%R2a> 

not BobThe Dog123  or  mary100178

If you need a decent password generator, use this:  https://1password.com/password-generator/


Steve Richardson
Gaffer of My Local Services
My Local Services | Me on LinkedIn
Comments

Glad you wrote that instead, very nice write up indeed  .. If I had done it it would have been rubbish lol.But I found it quite by accident as i was wondering why I was getting so much spam on my 1 email address. Found it in a forum I was browsing about getting spam all the time.

Hopefully it will help people in the same predicament as me.  


Thanks
Andy-C | Pewter World

Without sounding too stupid here, what can you actually do about the 'breaches'? Just reset all your passwords just in case? Feels a little extreme. I mean there must be hundreds and I could easily miss the right one....


In fact my result for my work email is I have been 'scraped' by an unknown source from LinkedIn, which is all readily available info, so changing my password won't really make a difference surely....


It's not the password it's the actual email itself ..Just means it's been listed as compromised and why you end up getting loads of spam  


Thanks
Andy-C | Pewter World

It's not the password it's the actual email itself ..Just means it's been listed as compromised and why you end up getting loads of spam  ”
 

Ah well. Nothing to do about it then really. 


It's not just about spam, it can be more sinister as well.

In fact my result for my work email is I have been 'scraped' by an unknown source from LinkedIn, which is all readily available info, so changing my password won't really make a difference surely....”
 

The techie boring bit is they are actually keeping a record of your email and the hash of the encrypted password. Long story short, if you utilise the same combination on different sites, then you may be compromised. If your linked in email and password is the same one that you use to login to HMRC, Paypal or the bank, then change it now!

But even your linked in account could be at risk, social media is now widely used for identity fraud, plus your contacts can be scammed in your name etc etc. Private contacts details can then be targeted. (Cambridge Analytica?)

It's about accepting and mitigating risk versus being practical and realistic.

Your email and password are compromised along with 20 million other peoples, so one argument is that you would be very unlucky to be targeted personally. But these databases of addresses are being sold again and again and squirted into ever more sophisticated automated tools. 

The official fix is to have a different email and password combination for every single website and application you visit. The most unpractical and useless advice known to man (or woman ).

There are various digital vaults touted by different providers for storing passwords, but at the very least, move to complex passwords with no meaningful words or dates. Even if it's the same password across a few site  Then utilise 2 factor authentication or any extra level of security on offer.

Until every PC, monitor smartphone and device has an eyeball scanner, we are stuck in this wild west of amateur and easily exploited security 


Steve Richardson
Gaffer of My Local Services
My Local Services | Me on LinkedIn

That's fair, I do need to have more ridiculous passwords I guess, sigh! Most of the more important ones are but for some I don't even know what the password is these days, if you don;t log in much it is hard to remember. I will gradually reset them.


oops , sorry I'm wrong again, I didn't realise it was so much more .. I use lastpass as then I can have really difficult passwords to all my sites ... The only issue is if they get into lastpass I'm buggered


Thanks
Andy-C | Pewter World

oops , sorry I'm wrong again, I didn't realise it was so much more .. I use lastpass as then I can have really difficult passwords to all my sites ... The only issue is if they get into lastpass I'm buggered”
 

That's the problem isn't it, you have to store all these passwords somewhere! and then remember the password for that storage....


This Thread is now closed for comments