The past couple of years have witnessed major data breaches plaguing the web space. These hacks have not only resulted in a large amount of personal information like usernames and passwords being leaked online but also led to a large amount of cash being stolen from the bank account of individuals. Not just websites like Ashley Madison, Fling and Mate1.com have been affected, but tech giants like Yahoo and Adobe have also suffered massive losses due to these breaches. But now a website called ‘Have I been Pwned‘ (HIBP) is making this data available to enterprises and individuals so that they can match their passwords from those existing in its database to find out if their passwords have been compromised.
The website has been created by Microsoft Regional Director and security developer Troy Hunt for all those who want to assess if their online information has been compromised or breached. “The point of the web-based service is so that people who have been guilty of using sloppy passwords have a means of independent verification that it’s not one they should be using any more,” Hunt wrote in his blog.
Hunt has revealed over 320 million passwords in his blog, which he has collected over several data breaches over the years. ‘Have I been Pwned’ does not reveal the usernames, passwords and their associated email ids. The website only lets the users know if their email id has been compromised.
ALSO READ: WTH! Yahoo faces security breach AGAIN
If your password has been compromised, it would show a message like this:
Have I been Pwned-hacked (Photo: HIBP grab)
However, if your credentials are safe, it will show a message like this:
Have I been Pwned- not hacked (Photo: HIBP grab)
“One quick caveat on the search feature: absence of evidence is not evidence of absence or in other words, just because a password doesn’t return a hit doesn’t mean it hasn’t been previously exposed,” Hunt observed on his blog.
ALSO READ: Alert! Here are 10 passwords you should never use again
“One quick caveat on the search feature: absence of evidence is not evidence of absence or in other words, just because a password doesn’t return a hit doesn’t mean it hasn’t been previously exposed,” Hunt observed on his blog. Interestingly, you can also download the entire collection of 306 million hashed passwords directly from the ‘Pwned Password’ page, which is basically a 5.3 GB zip file and expands up to 11.9 GB when extracted.
For interesting tech videos from InUth, follow us on Youtube.com/InUthdotcom
