HaveIbeenpwned, the website where you can check whether your details have been included in any data breaches or leaks, has recently uploaded the contents of the Breach Forums database.

haveibeenpwned announce the inclusion of breach forums database

I have posted a couple of times about the story of breached.vc, the FBI takedown and the arrest of the admin Pompompurin, and his recent court appearance.

The FBI takedown of Breached.vc
Breached.vc admin court appearance

212,000 credentials added

The announcement by haveIbeenpwned shows that over 212,000 credentials have now been added to its ever-growing database of exposed usernames and logons, allowing people to check whether they need to change their security data.

Statistics show that 29% of the credentials in the breach forums data set were already included in the haveIbeenpwned database.

This figure is interesting for two reasons:

  1. Many people are still using the same credentials across multiple accounts
  2. 71% of the credentials are new data, which means many people need to check the database to see if they are included and change any credentials which they have used across multiple accounts.

What is haveIbeenpwned?

For anyone unfamiliar with haveIbeenpwned, this is a web service created by Troy Hunt, a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security.

Troy Hunt – creator of HaveIbeenpwned.com

Troy is well known and respected in the cyber security field, and is an international speaker on web security as well as the author of many top-rating security courses for web developers on Pluralsight.

“I created HIBP as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or “pwned” in a data breach. I wanted to keep it dead simple to use and entirely free so that it could be of maximum benefit to the community.”

Troy Hunt on why he built HaveIbeenpwned

The HaveIbeenpwned dataset now contains a mind-boggling 12,590,123,804 user credentials from 686 compromised websites and 115,755 pastes (a paste is a site where criminals freely post/paste stolen credentials), meaning that it is highly likely your email address (and associated password) or telephone number will be included at least once.

To check your data, simply visit https://haveibeenpwned.com/ and enter your information.

Oh noes – you’ve been pwned…

If you discover that your data has been breached somewhere, steps to take include:

  • Change your password on every account where you used the same credentials
  • If a website supports it, enable Multi-Factor Authentication (MFA) for extra security
  • Monitor your accounts for suspicious activity
  • Check all emails from sites where your data was breached in case they are fraudulent