If you’re worried a password you use to log in to a site was leaked during a data breach, read about two websites and a Chrome extension that can alert you if this happens.
Learning a website you use has been breached or hacked is alarming—you wonder if your personal data is at risk. But you also fear that your password may have been compromised, especially if the password you use for that site was a simple one that was easily hackable. Instead of wondering and worrying, you can check out a couple of websites and one Chrome extension that can tell you if a breach occurred at a site that you use or have used in the past.
The website known as Have I been pwned? looks for hacked websites at which you have an account based on your email address. Firefox Monitor is another website that provides a similar service, though it relies on the data from Have I been pwned?. Chrome users can install an extension called Password Checkup, which tells you on the fly if the password for your current site was detected in a data breach. Several of the major password managers also offer their own tools to determine if your password may have been caught in a breach. But Have I been pwned?, Firefox Monitor, and Chrome’s Password Checkup work independently of any specific password managers.
Have I been pwned?
Fire up your browser and surf to the website for Have I been pwned?.The site works by scanning your email address to see if it was used at any sites involved in a data breach. Enter your email address and click the pwned button (Figure A).
Scroll down, and the page lists any breaches at sites for which your email address was on file. This by itself does not mean that your password was necessarily leaked or hacked, merely that your email address was discovered at a site that was breached. Some of the reported breaches may be old, and some will be more recent. Read the description of each breach. In some cases, the site may have already forced users to reset their passwords. If you’re unsure whether you already changed your password in response to the breach at a given site, then you should sign into that site and reset your password (Figure B).
Beyond helping you find breaches in which your email address surfaced, Have I been pwned? offers information about breaches in general. The site lists the largest breaches as well as recent breaches. You can search by domain to look for breaches that may have hit an entire organization. You can search for pwned passwords; however, you should avoid entering one of your own passwords—instead, you can download a list of hacked passwords and see if one of yours is on the list. You can subscribe to a notification service to be alerted if your email address is ever caught in a new breach (Figure C).
Firefox Monitor is another site that displays breaches in which your email address appeared. You don’t need Firefox to use the site—you can access the service from any browser, such as Chrome or Microsoft Edge. Firefox Monitor gets its breach data directly from Have I been pwned?, so there’s no true advantage to using this site over Have I been pwned?, though Firefox Monitor does offer security tips and other helpful information. Type your email address in the appropriate field and click on the button to Check For Breaches (Figure D).