Have I Been Pwned?

By Staff Contributor on August 27, 2020

If your email or password has been “pwned,” it means that your account security has been compromised. If you’re using the same password for multiple accounts and applications, then it is possible that several of your accounts have been compromised.

Depending on the nature of these applications and accounts, the consequences could be disastrous. With the right information, a cyberattacker could launch a financial attack on you or your business. In a worst-case scenario, a malicious individual may even steal your identity.

This article will help you understand the implications of pwned passwords and pwned email and what action companies should take when their details are exposed during a breach. To help you protect your company from the risks associated with pwned passwords and pwned email addresses, we recommend integrating SolarWinds® Identity Monitor into your daily operations. This user-friendly, scalable, and sophisticated tool can help prevent account takeovers, notify you of credential exposure, monitor email privately and across multiple domains, and reduce response times.

You can give Identity Monitor a try for free by using their online tool to check your exposure. Simply enter your email address to conduct a password breach check and find out if your email has been exposed in any known breaches. The results will reveal whether the email address was last exposed and the total personal records that have been exposed.

Identity Monitor - prevent account takeover

What Does It Mean If I Have Been Pwned?

The word “pwned” has a surprising origin in video game culture and is a derivation of the word “owned,” accounted for by the proximity of the “p” and “o” keys on a computer keyboard. Pwned is generally used to imply that someone has been compromised or controlled in some way. For example, someone might be pwned in a data breach.

In this context, your account is usually one of many to have been compromised. In some cases, millions of email addresses and passwords are leaked during a single data breach. Not many years ago, a data breach that compromised the data of a few million people would have been considered big news. In recent years, however, breaches that affect hundreds of millions of people are all too common.

Some of the largest data breaches of the 21st century involved well-known companies such as Adobe®, LinkedIn®, eBay®, Equifax®, and Yahoo®. Adobe suffered the biggest breach to date, when in 2013 more than 153 million user records were impacted, including three million encrypted customer credit card records. After weeks of research, Adobe found that the hack also exposed customer names, IDs, passwords, and debit and credit card information. This resulted in Adobe being forced to pay $1.1 million in legal fees and an undisclosed amount to users to settle claims of unfair business practices.

Consequences of Data Leakage

One of the more serious consequences of data being exposed in the form of a pwned email or pwned password is identity theft. Identity theft can happen to anyone and lead to serious problems. This might include damaging your credit score and disqualifying you from loans. The cyberattacker could also drain your bank account or stall your tax refund, to name just a few possible outcomes. In the most extreme cases of identity theft, a cyberattacker could commit crimes in your name and get you wrongfully arrested. Proving that you were not the individual responsible for the crimes in question can be a challenging process.

Business identity theft is a unique type of identity theft that primarily applies to business owners, directors, officers, or key executives. Depending on your role in a company, you may be subject to a greater level of risk than an average consumer because your personal information, finances, and credit are so closely linked with the business. This can make you a prime target because your sensitive data is likely more valuable to a cyberattacker.

If you are a small business owner, your personal identity and your business identity may be virtually synonymous, which means that anything that impacts your company also has a direct impact on you. Despite the common misconception that small businesses are rarely targeted by cybercriminals, small businesses are often considered easy marks by bad actors. This is because, unlike larger organizations, they are less likely to be able to afford advanced, enterprise-grade security systems. Small businesses are also less likely than larger companies to employ and enforce robust password policies, making it far easier for a cybercriminal to guess account passwords.

If you are a business owner, officer, director, or key executive, pwned passwords and pwned emails could leave you unable to:

  • Meet payroll
  • Fulfill tax obligations
  • Pay bills
  • Purchase necessary equipment or supplies
  • Demonstrate compliance with regulations

As a result of any of these, you may be forced to lay off employees, pay business obligations from personal funds, pay legal fees, or make dramatic cuts to your business.

As a small business owner, pwned passwords and pwned emails could expose data that could also lead to personal liabilities. This is because most business loans, lines of credit, and credit cards require a personal guarantee from one or more of the company’s owners. If your business is unable to make the necessary payments, you may be held personally responsible. Business identity thieves often use the business owner’s personal information to open new lines of credit, or as a personal guarantee for large purchases and new accounts. Unpaid debts associated with fraudulent accounts may be sent to debt collectors, who will hold you responsible for business debt until you are able to prove that it was fraudulent.

Another unfortunate consequence of leaked data is business failure. Many companies, especially small companies, operate on thin margins and are unable to withstand significant losses. Depending on the severity of the breach and how your data is used, your business may become insolvent and be unable to continue to operate. This could have devastating consequences on your income and financial future.

Data leaks are one of the unfortunate byproducts of the digital era. While a data leak isn’t necessarily any individual’s fault, there are certainly measures that can be taken to reduce the risk of them occurring.

Pwned Passwords and Pwned Email: What Can You Do?

First, try not to panic. While having your data leak can be worrying, it is important to keep in mind that large-scale data breaches are a regular occurrence, which gives you at least some time to act and prevent further damage. Remember that gaining access to your data is just the start of a cyberattack. The key is to act before the hacker uses your data for their own gain. Here are three things you can do in the event of pwned passwords and pwned email addresses.

1.   Change Your Password

If you get pwned, change your password as soon as possible. To find out if a password has been leaked in the past, try consulting “Have I Been Pwned.” This site allows you to safely confirm whether your password or email address has been compromised in the past.

When choosing your new password, security experts recommend using long passphrases instead of a random string of letters, special characters, and numbers. Additionally, many sites support multi-factor authentication (MFA), sometimes referred to as two-step authentication or two-factor authentication. MFA asks you to provide two or more pieces of evidence of your identity to be granted access to an account. A popular form of MFA combines a password with a code being sent to the user’s mobile device or email account. Using MFA is highly recommended wherever possible.

2.   Choose a Unique Password

Studies have shown that people who use a unique password for every account they have are much less likely to be pwned. Despite this, a 2013 study found that more than half of people used the same passwords for all their accounts. This means that if a hacker manages to obtain your password, they have access to all your accounts, providing them with a goldmine of information.

The challenge of using a unique password with every account is that most online users have dozens of accounts. Remembering all those passwords can be almost impossible, which is where password management tools come into play. A password manager can suggest strong passwords and store them securely for you. Some password managers can even auto-complete them when you want to log in. Although there are certain security risks associated with using a password manager, they have proven themselves to be one of the safest and simplest ways of storing login credentials.

3.   Strengthen Your Cybersecurity

Sadly, there’s nothing you as an individual can do to prevent large-scale breaches from occurring. There are, however, ways that you can enhance your own cybersecurity defenses. Email is one of the most common attack vectors because it allows cybercriminals to distribute malware with minimal effort on their part. Even experienced computer and email users can be deceived by an especially convincing spam email, and it only takes one mistake to get pwned. One way of reducing the risk of your email being compromised is to block unwanted senders and unsubscribe from unwanted emails. Bulk email cleaning tools can help with this.

How to avoid getting pwned

Avoid Getting Pwned

There are several things you can do to avoid having pwned email and passwords, and most of them don’t require you to have any special or technical skills.

1.   Keep Applications and Devices Updated

Unsecured applications and devices that are running outdated software can provide hackers with a gateway into your system. One of the simplest ways to help avoid getting pwned is to ensure that all your applications and devices are up to date. While many applications and devices update automatically, these automated updates aren’t entirely reliable. To certify that your system is up to date, we recommend using an update checker, which will flag any applications or devices that have been overlooked.

When updating your applications and devices, also be sure to check your Internet of Things (IoT) devices. This might include a smart door lock, wireless security camera, or internet-connected thermostat.

Lastly, ensure that your anti-malware solution is performing as it should be and that it is able to meet all your requirements. If you’re not satisfied with your current solution, there are plenty of anti-malware solutions available on the market that are both affordable and comprehensive.

2.   Keep Your Email Safe

Email messages are a common source of scams and malware, which is why it is key that you are practicing email protection habits. This involves paying close attention to all the emails you receive. If anything looks suspicious, the email could contain malware. If you’re not sure if an email is safe or not, consider the following:

  • Do you know the sender?
  • If yes, do you consider it to be normal that they have sent you an email?
  • Does the subject line look legitimate?

If the answer to any of these questions is “no,” then the email is likely to be a scam. If you are still in doubt, review the email address and subject line to see if you can garner any further information. If, for example, the email is claiming to be sent from a company, type the company name into a search engine and confirm whether it is real. If the company does exist, locate its contact details and compare the email address domain to the email address of the sender. Scam emails often use a variation of an authentic address to convince the receiver that the email has been sent by a legitimate company or individual.

SolarWinds Identity Monitor

SolarWinds Identity Monitor is a breach exposure monitoring tool that can help you mitigate the risk of pwned passwords and pwned email, in addition to helping you react quickly and efficiently when credentials are exposed.

Identity Monitor allows you to create a credential exposure watchlist, so you can monitor your email domains for exposure on a continuous basis. This tool then notifies you whenever your credentials are identified in a data leak and lets you force a password reset for any at-risk accounts. Identity Monitor also provides remediation advice when your details are exposed, so you can take the appropriate steps as quickly as possible.

In addition to monitoring the exposure of email addresses, Identity Monitor can also monitor IP addresses for possible malware, informing you when your IP address shows up in botnets and breaches. Another benefit of Identity Monitor is that it allows you to monitor key employees’ private email credentials, helping you prevent hacker attempts to take over employee accounts.

Identity Monitor is a user-friendly and comprehensive tool that comes highly recommended. If you want to give it a try, you can check your email address exposure here.

Protecting Yourself from Getting Pwned

If you’ve ever had your password or email pwned, then you are one of many. A huge number of people become victims of large-scale data breaches every day, and even more get pwned by email spammers. Implementing the advice in this article is a good starting point for protecting yourself from getting pwned. To help achieve maximum security, however, we recommend implementing SolarWinds Identity Monitor.


Related Posts