Check If Your Email Address Has Been Compromised
The Pwnedlist website offers a simple tool that lets you check whether an account has been compromised, i.e. whether your account details have been dumped online. Pwnedlist is operated by security researchers from DVLabs (a research organization for vulnerability analysis and discovery) who confirm that no passwords are stored in their database and that the data you enter is not stored, re-used, or given to third parties.
They have a database of about 5 million accounts that they have found dumped in cyberspace: 70% are email addresses and the other 30% are usernames. The website is simple to use: just visit Pwnedlist and type in an email address (in lower case). Do NOT type any passwords.
Press the ‘Have you found my account’ button to find out if your email address is amongst the millions of compromised accounts that they have collected – if it is then you will see the following warning: “Don’t panic! Just because your email was found in an account dump we collected does not mean it has been compromised.
Your first reaction should be to immediately change any passwords that might be associated with this email account. It is probably a wise idea to go through all your accounts and create new passwords for each of them, just in case.”
If your email address is not listed that is good news – but to ensure it isn’t compromised in future, now would be a good time to check that you are using strong passwords for all email and online accounts.
How To Create A Strong Password
Choosing a strong password makes it very difficult or impossible for someone to hijack your email account, even using advanced password cracking programs.
Tip: Strong passwords are important for email but they apply equally to all types of online transactions such as online banking and shopping. However, don’t use the same password on more than one website or email account because if one is hacked then effectively they all can be!
- The keys to password strength are: length and complexity
- An ideal password is long and has a mix of upper case (capitals) and lower case (small) letters, punctuation, symbols, and numbers. Whenever possible, use 14 characters or more.
- The greater the variety of characters in your password, the better. Use the entire keyboard, not just the letters and characters you use most often.
For example, 12345678 and jonathan are very weak passwords (only 8 characters, all of the same type, and a meaningful name), so they are very easy to guess using the right software. However, the password ?lACpAs56IKMs” is very strong because it has lower case and upper case letters, numbers, punctuation and symbols.
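The checklist above can be turned into a small Python check. This is an added example, not part of the original article or the Pwnedlist site: the function name `assess` and the tiny `KNOWN_WORDS` list are made up for illustration, and the "bits" figure is only an upper bound that assumes every character was picked at random.

```python
import math
import string

MIN_LENGTH = 14  # the article's recommended minimum length
# Constructed stand-in for a real dictionary of names and common words.
KNOWN_WORDS = {"jonathan", "password", "qwerty", "letmein"}

CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}

def assess(password):
    """Report character classes used, a brute-force size estimate, and issues."""
    used = [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]
    # Anything outside the four ASCII classes (e.g. a curly quote) is
    # treated as a symbol; its pool size is approximated by ASCII punctuation.
    known = set().union(*CLASSES.values())
    if "symbol" not in used and any(c not in known for c in password):
        used.append("symbol")
    pool = sum(len(CLASSES[name]) for name in used)
    # Upper bound only: a name or a keyboard pattern is guessed far sooner.
    bits = len(password) * math.log2(pool) if pool else 0.0
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append("shorter than %d characters" % MIN_LENGTH)
    missing = [name for name in CLASSES if name not in used]
    if missing:
        issues.append("missing: " + ", ".join(missing))
    if password.lower() in KNOWN_WORDS:
        issues.append("is a name or common word")
    return {"length": len(password), "classes": used,
            "bits": round(bits, 1), "issues": issues}

if __name__ == "__main__":
    # The three passwords quoted in the article (the last one as printed there).
    for pw in ["12345678", "jonathan", "?lACpAs56IKMs\u201d"]:
        print(repr(pw), assess(pw))
```

Run it only on your own machine with example passwords; as the article says about Pwnedlist, never type a real password into a website to test it.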