How to check if your email has a security breach
Share this article:
Has your email account been compromised? Here’s how to find out.
Over the years we accumulate many email addresses. There are the ones we made in high school just so we could join Facebook. The ones we made because we forgot our password and the ones we made especially for job applications because “[email protected]” was just a tad unprofessional.
Of course, we’ve used these addresses to sign up for multiple accounts on social media platforms, online shopping websites and to register on everything from apps to newsletters. The longer you’ve had an email address, the more likely the risk of it being compromised by security breaches. If you have an inkling that one of your most used email addresses might be breached, there are ways to find out for sure.
The website Have I Been Pwned allows you to search across multiple data breaches to see if your email address has been compromised. Simply enter thel address into the search bar that appears on their homepage and press the “pwned?” button. If there has been a security breach, you will receive the message “oh no, pwned!”. The site defines a breach as “an incident where data has been unintentionally exposed to the public.” This can include data such as passwords, account numbers, correspondence, names, home addresses, Social Security numbers and more.
Listing every security breach by name, Have I Been Pwned also details what sort of data has been compromised for each of the breaches. Testing out an old email, we found out that the account had 6 breaches with compromised data that included: Email addresses, Geographic locations, Names, Passwords, Phone numbers, Spoken languages, Usernames, Dates Of Birth and Passwords.
An example of one of the security breaches experiences is as follows:
Lumin PDF: In April 2019, the PDF management service Lumin PDF suffered a data breach. The breach wasn't publicly disclosed until September when 15.5M records of user data appeared for download on a popular hacking forum. The data had been left publicly exposed in a MongoDB instance after which Lumin PDF was allegedly been "contacted multiple times, but ignored all the queries". The exposed data included names, email addresses, genders, spoken language and either a bcrypt password hash or Google auth token. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Compromised data: Auth tokens, Email addresses, Genders, Names, Passwords, Spoken languages, Usernames
* Subscribe to IOL Tech's newsletter to receive the latest tech news and reviews in your inbox: https://www.iol.co.za/newsletters