This website checks if your email has been compromised

MANILA, Philippines – A breach is when data is obtained illegally from a company’s records, websites, or other services by a third-party. The data that is obtained may expose a user’s private information, used to mine more valuable information such as banking or credit card data, or used in spam campaigns. Simply put, data breaches leave private information exposed, often to those with ill intentions.

Sometimes, a victim won’t even know that his information has been exposed – until something far more serious than receiving annoying spam occurs. That’s the problem that the website haveibeenpwned.com addresses. The website, created by web security expert Troy Hunt in late 2013, contains a huge searchable database of data breaches. 

Hunt is also a Microsoft regional director, a title that the tech giant bestows on individuals that evangelize and share their expertise on Microsoft technologies.

Hunt said he created the site to make people aware of how serious online attacks are: “Data breaches are rampant and many people don’t appreciate the scale or frequency with which they occur. By aggregating the data here I hope that it not only helps victims learn of compromises of their accounts, but also highlights the severity of the risks of online attacks on today’s internet.”

The Adobe hack of 2013 where over 150 million user accounts were breached – then the biggest ever – was what spurred Hunt to start the site. During his probe then and of other prior hacks, he also noted that many users tend to use the same passwords for different websites – a very risky habit Hunt noted. 

How to use

To use, just put in your email or username, and the site says whether your email has been compromised or not, and lists the services or websites where one’s data was stolen. To date, the site has a database of 4.7 billion “pwned” accounts collected from breaches from 233 websites. This includes some 200,000 emails leaked after the Comelec hack of 2016

The latest addition to the site’s database was Onliner spambot’s 711 million exposed email addresses, discovered in August. The exposed emails were being used in a spam campaign and to facilitate the spread of a trojan virus called Ursnif that tries to steal banking data. Hunt noted that it was the largest batch of data he has ever uploaded onto the site. 

Additionally, there are certain breaches, that are deemed sensitive. These are breaches from websites that might affect a person negatively if their username pops up there.

There are currently 18 of these, and most of them are porn sites and dating sites: Adult Friend Finder, Ashley Madison, Beautiful People, Brazzers, CrimeAgency vBulletin Hacks, Fling, Freedom Hosting II, Fridae, Fur Affinity, HongFire, Mate1.com, Muslim Match, Naughty America, Non Nude Girls, Rosebutt Board, The Candid Board, The Fappening and YouPorn. To search these databases, one has to first verify their ownership of the email or username being queried. 

“Pwned” is internet slang for being “owned” or dominated in a match, typically in a videogame but also now applies to the experience of being hacked. – Rappler.com