Confirming suspicions of hacking is the first step
Many times we can receive emails that of some kind try to take over our account of some servicealready abusing the password recovery system of the different services that we use on a daily basis, or by trial and error of passwords that may have been leaked by the network.
In any of the cases, this is a security problem, since it is possible that on some occasion they manage to get hold of our account data and the security of our online life is compromised, which includes details as important as our finances or even online services of our worknow that teleworking has been and is so important in our lives.
That is why, if we suspect that our email account may have been involved in some type of leak after observing an increase in these attempts, we must act accordingly, for which it is important to start by knowing which of our data has been leaked and where. This is where Have I Been Pwned comes in and its important job of informing users.
Have I Been Pwned will not solve our problems, but it will identify them
Have I Been Pwned is a tool that will not work miracles for us. It won’t change affected passwords, it won’t tell us which services may have been compromised, and it will do nothing to save us from future problems, that’s up to us.
What it will tell us is very valuable information, and that is that once we place our email address on the website, we will be informed if any of the hundreds of leaks that occur around the world contain the entered data, important to distinguish in which account the problem has occurred.
This is important, since from here we can start working to solve the problems that arise from the leak in question. For example, if we know that our email account and password have been leaked through a Facebook hack, all the services in which we use the same password – a practice as common as it is dangerous – are also at risk.
This also works with phone numbers, a possibly more important piece of information in order to understand why we receive spam messages and calls than anything else, because not that we can do much to prevent it except block phone numbers related to this practice after receiving your contact attempts, usually with foreign numbers.
How to use Have I Been Pwned
Using Have I Been Pwned is extremely simple, since all we have to do is access the service via this link to their website, and put in the text field our email address or our phone numbersomething that will compare the data provided with the databases of leaks that the web has obtained over time and will return a result from the databases in which we appear, if our account has been compromised.
The results are ordered by age, showing us the origin of the database in which the filtered data appears in order to make sure that we can change the password not only for that service, but of all those who share data, something important to avoid (even more) unexpected hacks.
Appearing on duty does not mean we are in imminent danger.
It should be noted that if we are faced with old leaks, it is possible that we have already changed the passwords a long time ago due to sheer diligence or by adopting an independent password manager that allows us to use more secure passwordsunique and easy to follow in order to avoid a cascade of problems.
In any case, it is always important to review this type of data from time to time, since there are not a few times that we have echoed a massive leak of personal user data that has reached the hands of attackers, and therefore constitute a security risk.
As a general rule, if we enter Have I Been Pwned for the first time and find our data leaked, the correct thing would be to change the data of the affected accounts or even to clean user accounts in services that we no longer use, while if we were already occasional users of the service, we can “escape” by changing the passwords that remain to be changed, putting a limit to several years in the past, about 3 or 4 years, since hackers tend to use updated lists.
The responsibility for having secure passwords is ours.
At the end of the day, there are two ways that our user accounts can be compromised, on the one hand, the use of an insecure password, and on the other, poor management or storage of them. That is why, for the user, the only responsibility we have is to use secure passwords and double-factor systems to avoid facilitating the entry of external attackers.
For this we can even use the password generator that Google integrates in Chrome, something much better than cases like the ones we have seen recently, where AMD had suffered a leak of about 450GB of data simply for using extremely basic passwords like “password”, something that could be found at all levels of the company.
However, our responsibility ends there, since many password leaks occur because certain companies do not have good security policies, something that leads them to external attackers being able to obtain complete databases with the access data of millions of users. users, something we can’t do much about beyond proactively analyzing the state of our passwords.
This is something that can be extremely tedious, so we can thank services like Have I Been Pwned for their existence, which makes it easy for us to obtain information on whether our accounts have been filtered, although the main source of information in an ideal world should be the companies that should warn their users as soon as they discover improper access to their servers, especially if data has been exfiltrated in one way or another.
End of Article. Tell us something in the Comments!
Add Comment