Hello guest, if you read this it means you are not registered. Click here to register in a few simple steps, you will enjoy all features of our Forum.
Rules have been updated! Here

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5

[-]
Tags
to check a you help few been hacked? have things

Have you been Hacked? A few things to help you check
#1
Information 
A new day, a new data breach.

Facebook and LinkedIn (which says the latest incident was a “scrape,” not a “breach”) are just two of dozens of recent examples of our precious passwords falling into the wrong hands.

Whether it's an email service, an online store account or even a service designed to keep our passwords safe, no site or service is immune.
When it happens, our Spidey senses go off and we go into panic mode, imagining all the terrible things that might happen if a hacker gets into our accounts, uses our identities or goes on a massive shopping spree under our names.

It's a scary digital world we live in, but many valuable tools can make it safer for you.

Here is a few sites that will allow you to find out whether hackers have your password – and how to fix it right away.


Have I Been Pwned?
Code:
https://haveibeenpwned.com/


The most popular of all the hack-finding tools is Have I Been Pwned.
It’s a website that tracks and catalogs high- and low-profile data breaches. You can search the site's database using your email address or phone number. You can also find out if you are using a password that has "Pwned", and found in the of the breaches. They have a database of over 613 million passwords that were previously exposed in a data breach.

If the site links your login with a known breach, it tells you which company was hit, and what kind of information hackers might have. You can also find a list of companies/web sites that have been hacked, under the "Who's been Pwned". It will list the company/web site, the date of the breach, then number of compromised account, and what data was compromised (i.e. Email address, password, credit card numbers, IP addresses, Real Names, Addresses, etc.)

I just typed my email address in, and sure enough, my passwords are all over the place. Luckily, they’re old ones, but still, the page of breaches seems to go on for days: LinkedIn, Adobe, Dropbox, and countless other data breaches included my email address and various other data, including passwords, phone numbers, physical addresses, and even employers.

I live my life online, so having accounts on a ton of different websites, app and services means the odds of my data showing up in a hack are high.

The fix? Change all of your passwords, add a password management tool, and for the love of all that’s tech-ish, stop using the most hacked passwords like “123456,” “password,” or the ever-popular curse word mash-ups like “eff-something.”

HaveIBeenPwned is an excellent tool if you want to dive into past data breaches to see if your information is floating around out there. It also points you toward a password manager. But other services offer a more proactive approach to tracking hacked information, including notifications whenever your personal info pops up in a new leak, or they check sites for weaknesses before they cause a problem for you.

Here are a few favorites.


BreachAlarm
Code:
https://breachalarm.com/

You can use BreachAlarm in the same way you use HaveIBeenPwned. It's easy to search the site's database to find past hacks and leaks that might include your personal info.


But if you want to take things to the next level, the $30 annual subscription will scan new hacks whenever they pop up and then alert you if your data appears.

This gives you a head start in changing your passwords or closing your accounts on sites that may put your identity or finances at risk.


Sucuri Security Scanner
Code:
https://sitecheck.sucuri.net/


If you want to get even more proactive about your protection, consider using Sucuri.

Sucuri is a site that actually performs active scans on websites to search for vulnerabilities that hackers might exploit.

If a place you love shows up as being risky, it's wise to routinely change your password there, or at the very least use a password you don't use anywhere else. (This should be a rule for all sites, but it's easy to forget). There's a browser extension that makes the process even easier.


If you run your own website, the $16 subscription will keep you up to date on your own website's safety, but that's not required to scan URLs.

Avast / Hackcheck
Code:
https://www.avast.com/hackcheck


Avast, the anti-virus company has a site that you can used to check if your email address has been found in any of the known breaches, much like HaveIBeenPwned or BreachAlarm.

You enter your email address into the search box, and click on the "Check Now" button.

You will then be told if any information has been found, and a list will be emailed to the email address you just searched.


F-Secure
Code:
https://www.f-secure.com/us-en/home/free-tools/identity-theft-checker


Another player in the Anti-virus game, F-Secure, has a site similar to Avast.

You put your email address in, and
click the Blue "Check for Breaches" button,
tell them your not a robot,
and like the Avast site,your report is emailed to you.


Norton/Life Lock
Code:
https://www.lifelock.com/breach-detection/


And another of the big Anti-virus makers has a breach detection site too. Norton/Life Lock, the ones that offer up to one (1) million dollars in Identify Theft protection.

The report generated is sub-par without a subscription. The report only tells you the date of the breach, and the data exposed in the breach, however, it does not show the site that was breached. I guess they want you to do your own detective work (or get a subscription).


Dehased
Code:
https://www.dehashed.com/


Finally, Dehashed, a site that is similar to HaveIBeenPwned, except it offers a little bit more information that can be searched on.

You can search on a your username, IP address, physical address, Real Name, your phone number, and your vehicle's VIN. There are other fields you can search on, such as 'email' by using the "fieldname:" before your search term (i.e. email:[email protected]), instead of using the pre-made search keys.

You can even do a wild card or regex search, for your term, with/without using any of the defined fields.

Dehashed is also different, in that they are a meta search engine, taping into a multitude of data troves to search for you information (over 48,348 distinct, separate DBs when I did a brief look).

The only drawback, is unlike the other sites, you need to register an account. They do not keep logs, privacy and security (even data at rest in encrypted) is very important to they. The main reason they require an account, they say, is that they can tell if you are trying to scrap the site by doing too many searches. Also, you need an active subscription to see detailed results, without one you only get where the breach was from.

Another interesting item, is that they work with and for Law Enforcement, and a number of NGO (non-government organization), as well and some of the three letter GOs (Government organizations), and their affiliates.

Google Chrome

Believe it or not, Google just added its own password scanner right into it's popular web browser.
Google Chrome can alert you if it finds that your passwords were likely included in a breach or hack.
You may not have noticed this new advanced feature, but it's easy to use.

If you’re logged in to Chrome, click on your photo in the upper right-hand corner of the page,
then click on the little key icon.  That takes you to your “settings.”

You can also get there by typing
Code:
chrome://settings/passwords


Now tap "Passwords."

On the passwords page, click "Check passwords" and then "Check now."
The built-in tool will tell you if any of your passwords have security problems.
If they do, you'll be prompted to change them, and a link will direct you to the site to make the password update easy.

Microsoft Edge

Even Microsoft has taken note of the Data Breaches, and incorporated its own password scanner into Microsoft Edge.

First, make sure you are logged into the Microsoft network (i.e. Hotmail/Outlook, XBox, etc.).
Then, in the upper right corner, click on the three dots "...", and this will take you to the "Setting and more" menu.
Then select Settings, about three quarters of the way down.

You can also get there by typing in
Code:
edge://settings/profiles

You will then be in the setting section, now look on the right side, and you will see "Your Profile".

click on the Passwords entry, to open the password menu.

Select the 4th entry down, "Show alerts when passwords are found in an online leak", and turn the slider on.

You will get a new item below the current entry, with either a information icon (the "i" in the blue circle),
or and alert icon (red "!" in the red circle).

click on the ">" on that entry, and it will take you to the "Passwords / Fix Leaked passwords" menu.

You will see a list of sites and passwords that have been breached. If you don't, click on the blue SCAN NOW button.

You will then have the option to either CHANGE or ignore the item.

CHANGE will take you to the website to, surprise, change your password.
[-] The following 1 user says Thank You to Soul Rider for this post:
  • PriSim
Reply
#2
I started to use random passwords since the Dropbox leak, it has been years

Nevertheless, this article is quite useful. In addition, Firefox also has a built-in data breach check called Firefox Monitor
Reply
#3
(05-01-2021, 10:21 AM)yyjh Wrote: I started to use random passwords since the Dropbox leak, it has been years

Nevertheless, this article is quite useful. In addition, Firefox also has a built-in data breach check called Firefox Monitor

Firefox Monitor is a bit flawed. It insists that it sources the data from Have I Been Pwned. However Firefox Monitor only shows 4 leaks for me whereas Have I Been Pwned shows 6.
Reply
#4
(05-03-2021, 04:53 PM)boxesofkittens Wrote: Firefox Monitor is a bit flawed. It insists that it sources the data from Have I Been Pwned. However Firefox Monitor only shows 4 leaks for me whereas Have I Been Pwned shows 6.

I hadn't noticed that, but you are right, Firefox Monitor shows fewer than Have I Been Pwned. It is a bit weird since Firefox Monitor pulls the data directly from Have I Been Pwned.
Reply
#5
(05-04-2021, 08:41 AM)yyjh Wrote: I hadn't noticed that, but you are right, Firefox Monitor shows fewer than Have I Been Pwned. It is a bit weird since Firefox Monitor pulls the data directly from Have I Been Pwned.

In the meantime I have noticed why that happens. Have I Been Pwned also shows unverified leaks (i.e. leaks that you might have been part of but not for sure) while Firefox only lists the verified leaks.
Reply
#6
(05-07-2021, 07:48 AM)boxesofkittens Wrote: In the meantime I have noticed why that happens. Have I Been Pwned also shows unverified leaks (i.e. leaks that you might have been part of but not for sure) while Firefox only lists the verified leaks.

Better safe than sorry I suppose, online accounts play a huge part in people's lives now
Reply
#7
Start using different passwords for each different website early on
Reply
#8
I use to change my email passwords every 3 months
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)