A question you must address is “Have I Been pwned”? This is a security breach where your email address and Passwords are distributed on the internet after being stolen from secure sites.
What is pwned
First of all the word is not a play on Porned where your safely saved pictures are posted by an old friend without your permission. Is actually pronounced Poned as per Wikipedia.
It is a website for checking your emails. The meaning is debated by many without a real answer other than it means Owned maybe with a Typo or maybe just Geekspeak. Owned seems to fit with the fact that your passwords have been compromised
I have noticed activity
I have had a couple of dark web messages to my email soliciting money or threatening to close my address down and showing my email address. So today I did a check on my address at Am I being pwned.
Recently, it emerged that more than a billion unique email address and password combinations had been posted to a hacking forum for anyone to see in a mega-breach dubbed Collection #1.
The breach was revealed by security researcher Troy Hunt, who runs the service allowing users to see if they’ve been hacked called Have I been Pwned. He has now loaded the unique email addresses totalling 772,904,991 onto the site.
Oh no — pwned!
Pwned on 6 breached sites and found no pastes (subscribe to search sensitive breaches)
This is the result of my main email address., and I am not happy.
Then I went to another email address another carrier and guess what
Oh no- pwned but only one site.
My first to do is to change my password s on all email accounts and go for a very secure password, capitals, numbers, punctuation marks or even get a supplied one.
Many of the experts are saying to use the service of 1password a paid-for service that records all your passwords. It is only a couple of bucks a month and maybe a good investment
Make the changes
Most importantly, if your password is on the list, do not ignore it as it can be used in credential stuffing attacks mentioned earlier.
Hunt says: “People take lists like these that contain our email addresses and passwords then they attempt to see where else they work.
The success of this approach is predicated on the fact that people reuse the same credentials on multiple services.”
With the rise of two-factor authentication, its use should be considered if available and the use of complex passwords is really necessary.
You can check passwords at amI being pwned/password
Is Pwned just a Gimmick?
Troy Hunt, a regional director at Microsoft, is highly respected in the world of cybersecurity research. Not least as he is the driving force behind the popular ‘have I been pwned?’ (HIBP) site. The site aggregates data breaches in order to make it easy for people to find out if they have been impacted by malicious activity online.
This is a real new world problem. They are not doing it as a money-making deal working on donations only.
It does help sell sites like 1password but generally, the site runs on donations and is trying to achieve a bit of control over your business life by keeping your data safer
This is going to grow, as the days pass, into something bigger than we can imagine. This is the tip of the Iceberg. The greatest companies are being hit regularly with missing data so act now to stop the rot
I have been hit and changed my passwords and trialling 1password
Are you ready to do it?