Compromised Email Accounts Revealed
I get calls all the time from people who have compromised email accounts. Usually, the problem is the result of a phishing attack – where the victim responds to a fake request for information received via email or website popup. Back in September, I reported on a security vulnerability affecting Google logins. Today, I received information that this vulnerability has been extensively exploited during the past month.
But the truth is, even the most careful person can have their personal information stolen if that information is stored on a website that gets hacked. Contained in today’s security news report was a link to a website where you can check if your email addresses have ever been stolen from a hacked website. The website, Have I been pwned? maintains a database of email addresses that have been stolen during data breaches. Since this is a legitimate security website, it doesn’t store any passwords – just a list of compromised email addresses, and a report of the hacked websites where those email addresses were found.
I personally am very careful when it comes to security. Still, there are times when I am asked to provide my email address to join a forum or register a product purchase. Imagine my surprise when I discovered that some of my personal email addresses had been stolen as part of data breaches!
I urge everyone to visit the Have I been pwned? website to check if your email address has been compromised. It does not ask for any passwords, and it does not “harvest” your email address. You simply enter your email address, and you are instantly informed whether that address has ever been compromised (and if so, how many times it has been compromised). You can optionally subscribe to their warning service. By subscribing, you will be sent an email if your address is ever compromised in the future – but the other benefit to subscribing is that you will be able to view a report containing the details of all breaches where your email was compromised. There is no cost to subscribe, and again, no password is required.
Jack Eisenberg is the owner of Safe and Secure Computing