';--have i been pwned?
14
I am not sure if this site has come up before here, but I am too lazy to look. But it is still worth posting again even if it has.
With all the corporate hacks coming to light it is interesting to see what hacks may have exposed your data. Disclaimer: the Yahoo and Equifax hacks are not included.
Put in your email addresses and you will see where you have been exposed.
One email address I have showed no exposure.
Another address showed that I was exposed with the LinkedIn hack. The LinkedIn data was not sold on the Dark Market until 4 years after the hack.
My 3rd address showed I was exposed by River City Media (no idea). This data was used for a huge spamming campaign.
Just enter your email address and see where you have been exposed.
';–have i been pwned?
https://haveibeenpwned.com/
- 12 comments, 22 replies
- Comment
Wikipedia seems to think they are legit:
https://en.wikipedia.org/wiki/Have_I_Been_Pwned%3F
but…
It still sounds like the best idea for an active email address harvester that any script kiddie ever had.
@meverett True dat. But it was created by Troy Hunt who is a Microsoft MVP for Developer Security.
@meverett
Fascinating, and on the money, far as I can see. I was pleased to see that email addresses I’d thought hadn’t been exposed came back with a clean bill of health. Also, LinkedIn sucks (yeah, my information was exposed along with everyone else).
@Shrdlu I also was very happy to see limited exposure. On the news program I watched the reporter trying it out showed around 13 breaches for his email address.
@Shrdlu Actually, I just put in my work email address and it showed two breaches. One by an Onliner Spambot, and the other by NetProspex -
"D&B believe the targeted marketing data was lost by a customer who purchased it from them. It contained extensive personal and corporate information including names, email addresses, job titles and general information about the employer.
Compromised data: Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses"
@mfladd I’m now ready to fall over with laughter. Yahoo’s one zillion compromise missed me. Who knew?
I have around 30 email accounts that are in active use, some obscure, some well known, and nearly all in existence for multiple years.
@Shrdlu My understanding from the news report is that the Yahoo and Equifax hacks are not yet included. Not sure.
@Shrdlu Maybe read the OP.
@Shrdlu Bad news- if you had a Yahoo account at the time of the breach, it was compromised. All 3 billion accounts are now thought to be potentially compromised.
@dashcloud And like the Linkedin hack it could be years until that data is sold on the Dark Market.
@dashcloud Also subsidiaries of Yahoo.
I’ve had Flickr for years, but Yahoo bought them and handed over the data.
I can’t even find my old Yahoo Groups account anymore, but I bet they kept that data to hand out too.
@dashcloud Yeah, I heard about the 3 billion accounts, and I’d also heard about the original compromise. Funny thing was, that I’d changed all the information on the account the very day of the initial release by Yahoo. There was never much on my yahoo account in any case. Years ago, they bought 411, who had acquired Rocketmail (one of the very first free emails, btw), and even then, there was almost no identifying information in it. Heck, Meh knows more about me than Yahoo does. Meh (via Morningsave) knows where I live (they both have the same Amex card number, and yes, I know that having the card implies that they could find out the rest, but Yahoo didn’t get the current card number until after the breach).
Mostly, I’ve kept the Yahoo account because of Flickr, and I like Flickr, even though Yahoo has done their level best to ruin it.
Still, there’s two sides to the Yahoo compromise. Were you compromised when Yahoo was, or (and this is different) was your email account associated with Yahoo compromised (i.e. when you used it somewhere that gave up personal data).
Hm, worse than I thought:
last name email got 000webhost and zomato. The zomato thing is weird since I mainly use that email for professional stuff.
day-to-day email got: 000webhost, Adobe, bitcoin talk (might actually explain how I lost a few bucks I had in not-very-secure altcoin accounts), exploit.in, Linkedin, modern business solutions, powerbot, torrentinvites, xat, and zomato.
Honestly, I’m a little surprised I haven’t had more problems looking at that list.
@PolkSaladAnnie has none on her good account and only 6 on her “all my spam goes here” account. I’m jealous.
@Pantheist I see you omitted PornHub
@mfladd I briefly got nostalgic about cheating in runescape when I saw powerbot.
Edit: no need for pornhub though- I had torrentinvites :p
To remark upon the personal existential aspects of this question:
You were born you.
You think you will be shat out by a bear.
Re pwned:
You have to ask?
Do you really want an answer?
One. Fuck you, Kickstarter!
/8ball Was backing a startup daily deal site idea a few years back a bad idea?
Most likely
I’ve got an all clear on my accounts
@candiedisilvio1 Me too! Whew.
I’m not even bothering to look, I was in the OPM and a bank one several years back so my banking and PII data has long been available. These losers like Equifax are late to the game, and now that my PII is gone, email addresses for marketing seems an insignificant gnat of annoyance.
dammit! the email account i used for myspace was pwned. i’m ever so fucked.
Of the 8 email addresses and aliases I checked, 5 were clear. Old work email had 3 hits, but I never used work passwords for external sites that I used the email for. Current work has zero hits. On the personal accounts, one of them was last.fm and the other was the river city thing.
Experian was breached in 2015. Equifax breached in 2017. Now they’re making millions on credit freeze and credit monitoring fees as a result. Welp all they’ll get from me is a lawsuit if I’m injured by this clever business strategy.
@uwacn
Good luck collecting in that lawsuit.
Don’t mean to be snarky.
I doubt anyone who sues will collect anything close to what we ought.
How about another year of credit monitoring plus $10?
Yep, it’s a legit site; I’ve known about it for years.
As @shrdlu says, LinkedIn sucks. So does Yahoo, and by extension, Verizon. Others as well, but I’m too lazy to list the ones I dislike the most.
Two of my email addresses have been pwned.
Also, re: Equifax, read this latest from Liz Weston; your life has almost certainly been changed, and not for the better.
@baqui63 this article smacks of fear mongering. There are certainly potential downsides, but the streets aren’t flooded with criminals who will successfully give your info to the IRS or the cops.
@Pantheist the tax refund thing is an already very common scam, my mom has a number of clients every year she has to help deal with the fallout of these criminals. It’s nothing to make light of.
@Pantheist
Equifax Awarded $7.2 Million IRS Contract Despite Security Breach
http://www.snopes.com/2017/10/05/equifax-contract-irs/
@sgrazi Why am I not surprised…
Aren’t we lucky that we have almost no legal protections?
Thanks, Congress!
tells me my dead yahoo account was a part of a myspace hack. never logged into myspace even when it was the end all to end all.
@Cerridwyn Maybe someone used your dead Yahoo account to open a MySpace page, since every Yahoo account was breached.