In today's slang, "pwned" refers to a hacker compromising someone's account or computer.
Do you worry if someone has stolen your personal information online? It is not paranoia. Most Australians have had their personal data stolen, according to the Australian Government Cyber Security Centre.
Today this can put you in danger of identity theft, fraud, spam, phishing and other online attacks. It is bad enough if it is you personally, but if it is your business, legally it is much worse.
For years, we have recommended a free and easy tool to help you stay safe online: Have I Been Pwned? This website lets you check if your email address has been in any data breaches. It then warns you whenever your personal information appears in new public data breaches.
Here is an example of its use and what motivated me to write this post. A client who took our advice got this email from them a few days ago.
He was shocked and quite confused. How did Luxottice get his information? He never dealt with them. He did not know who Luxottice were and how they had his birthday, email address, name, address, etc. I am sure many of the other 77 million people would like to know this too.
It is all fascinating stuff.
What can you do?
This is the advice we give our clients, and I am recommending our readers here to do. Sign up for Have I Been Pwned. It is a website that collects and analyzes data from different breaches, hacked accounts, leaked databases and dark web forums. It then lets you search for your email address to see if it has any data of your email address on the dark web. It then gives you information about when each data breach happened, the affected company, what of your data was exposed and the source of the violation.
Why should you use "Have I Been Pwned"?
It can warn you whenever your personal information appears in a public data breach.
For example, if I enter my email address on Have I Been Pwned, I see several times someone has released my information on the Dark Web.
One was in the LinkedIn breach of 2016. That would have been a severe breach, as my email and password were exposed in that incident. Someone could have gotten complete control of my LinkedIn account.
How to sign up for Have I Been Pwned?
Signing up for Have I Been Pwned is simple and free. All you need is an email address that you want to watch for data breaches. Here are the steps to sign up:
- Click on this link Have I Been Pwned
- Enter your email address in the search box and click "pwned?"
- If your email address has been in any data breaches, you will see a red message saying, "Oh no — pwned!" followed by a list of violations. If not, you will see a green message saying, "Good news — no pwnage found!"
- To sign up for notifications, click "Notify me when I get pwned" at the top of the page.
- Enter your email address again and click on "Verify".
- Check your inbox for a verification email from Have I Been Pwned and click on the link to confirm your subscription.
- You're done!
You will get an email whenever your email address appears in new public data breaches.
Please sign up for all the personal and business email addresses you care about. There is no limit.
If, for some reason, you do not like the service, well, you can remove your account, so there is no risk.
Now you are better covered in your online privacy.
More tips for your online security
- Use a password manager: A password manager is software that makes and stores strong passwords for all your online accounts. It can help protect your passwords from being stolen by hackers or keyloggers. Many password managers are available, I like Bitwarden, but there are many. Choose the one that suits your needs and preferences.
- Change your passwords: Even if you use a password manager. It would be best to change your passwords regularly, especially if they have been in a data breach. It will stop hackers from using your old passwords to access your accounts.
- Two-factor authentication is the best security now, but it's a real pain. If you use it even if someone knows your password, they won't be able to access your account without access to your mobile.
-On Facebook, I recommend setting up your page as secure. We have had clients whose Facebook accounts have been hacked.
- Use data minimization: Data minimization is sharing only the least personal information needed for a specific purpose by only giving relevant information. Don't give more than required to reduce the amount of personal data that could be exposed.
In your business, do this, too, if you need to verify someone's account and get a license for checking. Check the details on the license, but only make a copy if you have to.
Conclusion
Online privacy and security today are essential.