If a company you have an account with has suffered a data breach it’s possible your email may have been pwned, which means your email and password for that site’s account has been exposed to cybercriminals. Haveibeenpwned.com is a website that checks if an account has been compromised.
Have I Been Pwned was created in 2013 by Australian security researcher Troy Hunt, who has so far collected over 11,599,230,942 pwned accounts from more than 564 data breaches. “I started to wonder how many people are actually aware of just how broad this web is spreading, and how many places their data is now exposed,” said Hunt. “I want the people to be aware that they probably need to change their password, and they need to look out for unusual credit inquiries.”
Test your work and personal email accounts to see if it has been involved in a breach. This is especially important if users share passwords across multiple accounts (a big no-no!). We encourage users to use separate passwords (and perhaps research different password managers that may work for them).
If you find out you have been pwned, please change your passwords (especially for those affected accounts). It may also be a good time to set up some multi-factor authentication on those accounts as well, if the vendor supports it.
Firefox offers a free service called Firefox Monitor to help you track and resolve data breaches.
Password management is an important element of online protection. There are many Password management apps on the market. If you’re looking for a free app try Firefox Lockwise.