Your Email And Password Were Probably Leaked On The Internet

As a normal Internet user you don’t frequently hear about data breaches or emails and passwords being leaked to the public. But trust me it is more frequent than you think.

A “breach” is an incident where data has been unintentionally exposed to the public.

This is a small sample how frequent breaches are:

If these numbers didn’t scare you, just wait for what it’s coming
source:
CNBC

After a major data breach, do criminals actually have your password even if it has been encrypted?

tldr: It depends but must always assume the worst.

Companies have various ways of encrypting passwords. There are also techniques called salting and hashing.

The upshot is, the average user will not take the time to find out how the affected company does their encrypting — or hashing or salting for that matter. So the average user doesn’t know how vulnerable their password is.

HAVE YOU BEEN PWNED ?

There is a website that allows Internet users to check whether their personal data has been compromised by data breaches.
IT’S THE FAMOUS haveibeenpwned.

1-Navigate to haveibeenpwned

2-Enter the email you want to check

As you can see this dummy email has been found in 283 data breaches and 611 pastes

A “paste” is information that has been “pasted” to a publicly facing website designed to share content such as Pastebin. These services are favoured by hackers due to the ease of anonymously sharing information and they’re frequently the first place a breach appears.

If you are curious what’s your email have to do with this and you think you are safe because only your email has been leaked, I would like to show you how usually the data breaches look like:

So if your email has been leaked before there is a big chance the password associated with it has been leaked too and since most of internet users use the same password for all their accounts online, it becomes an easy job for hackers to get access to your accounts.

PLEASE IF YOU ARE USING THE SAME PASSWORD ACCROSS MULTIPLE ACCOUNTS CHANGE IT NOW.

1-Navigate to haveIbeenpwned/password.

2-Enter the password you would like to check.
As much as I don’t want to encourage people to plug their real password(s) into random third-party sites, I can guarantee that a sizable number of people got a positive hit and then changed their security hygiene as a result.

The Password I tried is “password”

As you can see this is a very famous password used accross the world and it has been found 3,861,493 times before, CAN YOU IMAGINE ?

This service checks your password against more than Half a BILLION real world password previously exposed in data breaches.

You can have fun with it for a bit and try some combinations.You can also use it to decide wether your new passwords are “safe”.

Well that’s great news, BUT this means your password wasn’t found in any of the Pwned Passwords loaded into Have I Been Pwned. That doesn’t necessarily mean it’s a good password, merely that it’s not indexed on this site.

BUT again you are testing the password against half a billion passwords, that should give you some sense of safety.

PLEASE IF YOUR PASSWORD HAVE BEEN LEAKED BEFORE CHANGE IT ASAP AND NEVER USE THE SAME PASSWORD ACCROSS MULIPLE ACCOUNTS

FOR DEVELOPERS:

If you are a developer or someone who’s familliar with coding like me you might be skeptical about entering your password in a third-party website.
Don’t worry haveibeenpwnd got you!

They provide an API that you can fetch and get the results in a more secure fashion without sending your password

If you’re a JavaScript developer you can find the NPM PACKAGE I made to check a user’s password using haveibeenpwned API
I am open to contributation and bug fixes

If you’re a PYTHON developer you can find the program I made to check a user’s password using haveibeenpwned API

I go over the details of both scripts in this article!

AND MAKE SURE YOUR PASSWORDS ARE SAFE ,STRONG AND NEVER USE ONE IN MULTIPLE ACCOUNTS

Connect with me on Linkedin for more interesting tech stuff!

Thank you very much for your attention.

Backend Developer in Pursuit of Happiness | Entrepreneur in the making

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store