There have been several well-publicized data breaches in the last few years. Some of these breaches affected millions of users and their data. How can you find out if you were affected by a large data breach?
HaveIBeenPwned is a website, built by Troy Hunt, that lets you check your email addresses to see if they’ve been involved in a known data breach. On the main landing page at HaveIBeenPwned is a form where you can submit your email address. If it finds your email address it will display the full list of known breaches connected to it. You’ll see the company responsible and the type of data involved.
They also have a form to check passwords against their database of exposed passwords. If your password is in their database, you’re going to want to change it immediately. You should already be using complex secure passwords and changing them anyway. You can use a password management service, like LastPass or 1Password, to make that easier for you.
My favorite feature of HaveIBeenPwned is their domain search. It has an option to sign up for email notifications if an email address from your domain comes up in a future breach. You do have to first prove that you own the domain to use this feature. If don’t own the domain, you can still sign up for notifications for your specific email address.
If you find out you were affected by a data breach, we recommend changing your passwords immediately. The top causes for breaches are weak passwords and outdated website software. If you need help keeping your WordPress site updated, contact us for more information.