Although we go to great lengths to protect our personal data, sometimes it can be leaked through no fault of our own.
To make matters worse, companies do not always notify their users in the event of a security breach.
Thankfully, a free tool called Have I Been Pwned has become incredibly popular in recent years. Using this tool, you can plug in your information and find out whether or not your accounts have been compromised in a data breach.
But is Have I Been Pwned safe to use, and should you trust it with your data?
In this article, we’ll cover everything that you need to know!
Is Have I Been Pwned Safe To Use?
Yes. Have I Been Pwned is completely safe to use, and has been trusted by millions of people for around a decade now.
According to the company’s Privacy page, no data you submit while using the tool is stored permanently, and nothing you enter can put any of your accounts at further risk.
Therefore, you should feel completely safe using the tool – it is 100% legit, and extremely valuable for discovering if any of your accounts have been compromised.
Ensure Your Own Device Is Safe, However
Although HaveIBeenPwned.com is completely safe to use and will not steal any of your information, you should always take steps to ensure that your own device is safe, and free of viruses / malware.
This is because if you type out sensitive information (such as emails or passwords) on your device, it is possible for viruses to log your keystrokes and essentially steal everything that you type.
Therefore, if you use the password tool on Have I Been Pwned’s website, it is possible for someone to steal it if they have infected your device with malware.
Of course, they would have gotten your password anyway the next time you typed it out – regardless of which site you were on.
To recap, Have I Been Pwned itself is completely safe – but you are always at risk if your own device isn’t secure.
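The password check discussed above can be done without the password itself ever leaving your device. The sketch below is an added example, not code from this article or from Have I Been Pwned: it follows the publicly documented Pwned Passwords range lookup, where only the first five characters of the password's SHA-1 hash are sent and the returned list of hash suffixes is searched locally. The function names are illustrative, and the response body is constructed sample data, so nothing is sent over the network.

```python
import hashlib

# Documented Pwned Passwords range endpoint; this example never contacts it.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"


def split_hash(password):
    """Return the SHA-1 hex digest split into a 5-char prefix and 35-char suffix."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def request_url(password):
    """Build the lookup URL; the 5-char prefix is all that leaves the device."""
    prefix, _ = split_hash(password)
    return RANGE_URL.format(prefix=prefix)


def breach_count(password, range_body):
    """Search a range response (lines of SUFFIX:COUNT) locally for our suffix."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if not sep or not count.isdigit():
            continue  # ignore blank or malformed lines
        if candidate.upper() == suffix:
            return int(count)
    return 0  # suffix absent: not in the known breach corpus


def constructed_range_body(password, count):
    """Constructed sample response: two filler suffixes plus the one for `password`."""
    _, suffix = split_hash(password)
    return "\r\n".join(["0" * 35 + ":3", f"{suffix}:{count}", "F" * 35 + ":12"])


if __name__ == "__main__":
    body = constructed_range_body("password", 1234)  # constructed count
    print(request_url("password"))
    print(breach_count("password", body))
    print(breach_count("a-long-unique-passphrase", body))
```

A non-zero count means the password appears in known breach data and should be replaced everywhere it is used.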
What Is ‘Have I Been Pwned’?
Have I Been Pwned is a free tool that allows you to input your email, phone number or password to see if it’s been involved in any data breaches.
When a data breach occurs for a website or service, sensitive information regarding people’s accounts may be stolen and sold to others. This puts your accounts at risk not only on that one website, but on every other service that uses the same password.
By checking if you’ve been involved in any data breaches, you can take the appropriate steps to secure your accounts.
In the example above, you can see that I’ve plugged my email address into the tool, which at the time of writing has been involved in one breach.
Have I Been Pwned also shares details relating to the breach, including the information that was actually shared. In this case, my password was not stolen, but my name, username and email address were.
Note that Have I Been Pwned can only cover public breaches that the service knows about. As you might imagine, there are certainly other services that suffer data breaches without ever realizing it, meaning the tool is not perfect.
However, it is completely safe to use, so feel free to check it as frequently as you’d like (or sign up for updates!)
One Of My Accounts Has Been Compromised! What Should I Do?
If you search for your email in HaveIBeenPwned and the tool indicates your information has been involved in a data breach, don’t panic!
This doesn’t necessarily mean anybody actually logged into any of your accounts yet, or stole any sensitive information that may be located within these accounts. However, it is a possibility.
The first thing that you should do is change the passwords that have been reused across other websites. With data breaches, it is common for people to also try to log in to all of your other accounts that use the same email, username and password.
Next, you should ensure all of the passwords you use across the web are unique. This will ensure even if one of them is compromised in the future, all of your other accounts are safe.
I recommend using a password manager called LastPass. Using LastPass, you can generate a unique password for every single website you use. Then, whenever you visit that website the LastPass browser extension will automatically fill the password in for you, so you don’t have to remember it.
This is much safer than reusing the same password (or set of passwords) across multiple websites!
Next, you should enable two-factor authentication for all services that support it. Using two-factor authentication, you will usually need to type in a code from your phone (or an authenticator app) before signing in on a new device. This makes it practically impossible for non-authorized people to sign into your accounts.
Finally, you should log in to the accounts you believe may be compromised to look for suspicious behavior, or any actions that may have been taken while your accounts were taken over by someone else. If you’re quick about it, you can usually avoid any damage.
Thankfully, HaveIBeenPwned.com is completely safe to use. The company is completely legitimate, and people have been safely using it to check for compromised accounts for around a decade now.
Of course, if you are still concerned you can avoid the website if you wish.
I hope that you’ve found this article helpful. If you have any questions about computer security, please ask them using the comment form below.
Wishing you the best,
– James McAllister