We hear about data breaches all the time – either in the news, or from the company itself if it is transparent enough to warn its users. In fact, just 6 hours ago I received this email:
The normal course of action is to immediately change your password on the affected website. But what if you want to know how much of your personal information has been leaked in a data breach?
In this article, we’re going to show you some of the best resources for tracking down your personal data, and figuring out exactly what data about you has become public after some of the biggest data breaches throughout history. If you’d like to learn more about protecting your identity online, you can check out findreviews.com, which rates many popular security tools. Additionally, if you’re interested in how ethical hackers and security analysts fight back against malicious hackers, you can read this article which explores many facets of ethical hacking.
HaveIBeenPwned
This is an extremely useful website for figuring out if any of your email addresses or passwords have been publicly leaked in data breaches. By entering your email address, HIBP will tell you how many high-profile data breaches your email address appears in.
For example, my personal email was discovered in the following breaches:
a. Adobe
b. Avast
c. Black Hat World
d. Coupon Mom
e. Armor Games
f. Disqus
g. Exploit.In
h. LinkedIn
i. MyFitnessPal
j. Nexus Mods
And a few “unverified” breaches, like scraped credential lists on websites like Pastebin.
If you switch over to the Passwords tab, you can enter any of the passwords you use (don’t worry, it’s safe) and it will repeat the same process. For example, after I enter an old password that I haven’t used in a long time:
And one of my current passwords:
So overall, HIBP is a great resource for discovering if any of your emails and passwords are publicly available.
HaveIBeenSold?
HIBS was inspired by HIBP, and works on nearly the same principle, though for a different purpose. HIBS lets you enter your email address, and tells you whether your email has been sold by companies to third-party advertisers (typically email spam).
If your email address is found, you have the option of reporting the violator under the GDPR (General Data Protection Regulation), which allows massive fines to be imposed on companies discovered to be selling user data.
Firefox Monitor
Firefox Monitor is nearly the exact same thing as HaveIBeenPwned – in fact, it relies on HIBP’s API.
You can also sign up for email alerts in case your email address shows up in any new data breaches down the road, which is highly useful. As a straight-up clone of HIBP, it’s honestly a little less useful, as it’s only for email searches, but it brings HIBP’s capabilities to a larger audience.
PasswordSecurityInfo
This is a great tool that serves two purposes. First, it checks if any password you enter has been involved in a data breach. For that function, it utilizes HaveIBeenPwned’s API.
Its second function is as a password security adviser. When you enter a password, it tells you how long it would take hackers to crack the password using a brute-force attack. For example, if I enter “password1” in the field:
But if I enter something a bit more complex, with lots of symbols and special characters:
DeHashed
DeHashed works similarly to HaveIBeenPwned, but is a bit more complex. Not only can you search by email and password, you can search for pretty much anything that would appear in a data breach. From DeHashed’s own FAQ:
What can I search for?
Anything! Our advanced systems allow you to search for I.P. Addresses, Emails, Usernames, Names, Phone Numbers, VIN Numbers, Addresses; and what makes us even more unique, we allow you to reverse search Passwords, Hashes, and more!
So if you want to dig a bit deeper into data breaches than just email and password, DeHashed is a great tool to use.
Other Useful Tools
We only highlighted the most popular tools for checking your personal data against public breach databases, but here’s a great list of alternative tools.