In January 2019, in a dark corner of the Internet, known as the Dark Web, a collection of stolen email addresses and passwords appeared for sale. This, unfortunately, is not the first time something like this has happened. What sets this “dark trade” apart from the others is that the collection contained an incredible 773 million email addresses and passwords. This event is called Collection.
Like a bad movie, Collection got a sequel, then another one, then another one. At the end of the “series” we have as many as five sequels, and it’s only a matter of time before we get the sixth. So far, in this terrifying drama, a total of a staggering 2.7 billion email addresses and passwords have been stolen.
When we talk about such huge numbers, the chance that your email was on the list of compromised accounts is very high. And when we take into account all the other data breaches, that chance increases even more.
Creating strong passwords and using password managers and browsers that pay special attention to security mean nothing if this data is stolen directly from internet companies. An additional problem is that these companies sometimes hide that a theft has occurred in order to protect their reputation, and in that way indirectly help thieves and directly harm their users.
Is it possible to find out if your password has been stolen?
When a theft like this happens, we have no control over the event, so the question is whether it is possible to find out if your account was on the list of stolen accounts. Fortunately, the answer is yes, but the method is not one hundred percent accurate.
Namely, there are services on the Internet, of which the best two are HaveIBeenPwned and Hasso-Plattner-Institut, which compare your email address with a database of all known stolen email accounts. That is why we said that the method is not always accurate: if your email has been stolen but is not in this database, these services will give you the wrong information. If they tell you that the email has been stolen, however, that is information that should be trusted.
How HaveIBeenPwned and Hasso-Plattner-Institut work
When you go to the HaveIBeenPwned and Hasso-Plattner-Institut websites, both will ask you to enter the email address you want to check. These services will never ask you to enter your password. Then, as we said, a check will be made. HaveIBeenPwned will show you the results on the site, while the Hasso-Plattner-Institut will send the results to the email you entered.
Suppose it is confirmed that the data breach occurred. In that case, both services will tell you when this happened, in which company, what data was stolen, and additional information about what exactly happened.
If the search result for your email is positive, change the password on that account immediately.
Browsers add password protection functionality
The services we wrote about only check email addresses, but what about the other passwords we use, such as those on websites?
After the unfortunate event of 2019, Google released a free plugin for its Chrome browser, which warns you when you go to a site that has been the target of attacks in the past. You can download this plugin HERE.
There is also the passwords.google.com service: when you sign in with your Google account, you receive a detailed report of all the usernames and passwords you used to log in to websites, whether this data was part of a data breach, and how many weak and duplicate passwords you have. Unfortunately, this will only work if you use Google to store your passwords.
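The kind of report described above (compromised, weak and duplicate passwords) can be reproduced offline over an exported login list. This is an added example, not code from Google or from the original article; the CSV column names, the weakness rule and the sample breach set are assumptions constructed for illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export; the column names are an assumption for this example.
SAMPLE_EXPORT = """url,username,password
https://shop.example,alice@example.com,Summer2019
https://mail.example,alice@example.com,Summer2019
https://bank.example,alice,kV9#tq2L!xw7Rz4p
https://forum.example,alice_a,password1
"""

def sha1_hex(text):
    # SHA-1 is used only as a lookup key here, never for storing passwords.
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()

# Constructed stand-in for a breach corpus, held as SHA-1 digests only.
BREACHED_SHA1 = {sha1_hex(p) for p in ("password1", "123456", "qwerty")}

def is_weak(password, min_length=12):
    """Assumed rule: too short, or fewer than three character classes."""
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    return len(password) < min_length or sum(classes) < 3

def audit(export_text, breached=BREACHED_SHA1):
    """Return sites grouped as compromised, weak, or sharing a password."""
    by_digest = defaultdict(list)
    report = {"compromised": [], "weak": [], "reused": []}
    for row in csv.DictReader(io.StringIO(export_text)):
        digest = sha1_hex(row["password"])
        by_digest[digest].append(row["url"])
        if digest in breached:
            report["compromised"].append(row["url"])
        if is_weak(row["password"]):
            report["weak"].append(row["url"])
    # A password is reused when the same digest appears for more than one site.
    report["reused"] = sorted(
        sorted(urls) for urls in by_digest.values() if len(urls) > 1
    )
    return report

if __name__ == "__main__":
    for category, sites in audit(SAMPLE_EXPORT).items():
        print(category, sites)
```

An exported login file holds every password in plain text, so delete it as soon as the audit is done.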
Mozilla Firefox is also evolving in this field with its Firefox Lockwise, which works, for the most part, just like Google’s service. The easiest way to access Lockwise is to type about:logins in the address bar. If a password is stolen, a large red banner will notify you. Unlike Chrome, you don’t have to store passwords in Firefox to use this, and even the ones you import will work.
Microsoft Edge announced the release of Password Monitor in 2020, which will serve the same purpose as Chrome and Firefox services, but to find out exactly how it will work, we have to wait.
Password managers will not help you find out if your password has been stolen, but we decided to mention them because they are the only way to comply with all the secure password management rules.
They are very easy to use. All usernames and passwords are stored encrypted in the cloud, so they will be worthless to the thieves even if they are stolen. When you want to log in to a website, the password manager will automatically fill in this information for you.
Beyond security, the main reason for using a password manager is that it is the only way to have a unique, long, and complex password for each site you register on.
If you don’t already use them, our advice is to grit your teeth and learn to use a password manager, as not only will it increase your security on the Internet, but logging in to sites with them is much faster and easier.
Probably the best password manager is LastPass: free, fast, and incredibly easy to use.