Nowadays, if you want to do anything online, you will need an account with the site. The reason given is that “it makes life easier for you”. Others will argue it’s to track your every move and sell your data to the highest bidder.
Take Amazon for example. You might not want to constantly enter your credit card details and your delivery addresses every time you want to purchase something. Instead, you set up an account and save the details to the account. You can then use their handy feature called “Buy now with 1-click”.
For this to be possible, this information needs to be stored on the company’s infrastructure. Whether it be cloud or on-premise, it doesn’t really matter. What does matter is how they secure this information. Now you’re responsible for your own account, so your password, security questions and any 2-factor you set up. They, however, are responsible for making sure that all their customers’ information doesn’t fall into the wrong hands.
Because no one can be 100% secure, it will at some point fall into the wrong hands. Let’s be honest. Below is a snippet taken from Information Is Beautiful and shows the world’s largest data breaches to date:
Now that you understand that at some point your credentials will be leaked, what can you do?
Simple, check and re-secure the account. If we are talking enterprise accounts, you are obviously going to do more but for now, let’s focus on the little guy.
If you feel like something is going on with your account or are just curious, there are a vast number of sites and tools available to you and me. Yes, some charge but for basic checks, it’s free.
Below are a few sites where you can check if you have had your credentials stolen/leaked.
Email Rep: https://emailrep.io/
Although EmailRep isn’t designed to highlight breaches, it will let you know if the account has been involved in one. It will also tell you a bit more information such as which sites use it.
We Leak Info: https://weleakinfo.com/
WeLeakInfo allows you to search for a range of account information to see if it is present in any known breaches. When breaches occur it’s not always email addresses that have been stolen. Hackers may have a copy of your username which they can sell on or use.
Unfortunately, if you did want to view a bit more information, a fee is required.
Database today: https://databases.today/index.php
If you didn’t want to pay, you could use Database today. You might not get all the breaches you would from WeLeakInfo but you might get the one you were present in. For this site you are not searching for your name but rather the company of the breach. For instance, if HaveIbeenpwned said my account had been stolen in the Myspace breach, I would search DatabaseToday for Myspace, like so:
Hunter IO: https://hunter.io/
This is more for company-owned domains than personal ones. Here you can search your company’s email domain and see if any addresses are visible or known. These accounts are most likely present on social media, business or company-owned sites. Although it blanks out some of the address, you could probably figure it out. Especially if it’s your company. This isn’t mine but I imagine that’s Tom Blakely.
If you expand the source, it will give you links to the sites that have your email on display.
Have I Been Pwned: https://haveibeenpwned.com/
Probably the most famous of them all. Created by the very clever Troy Hunt. Here you can search your email address and it will let you know if you appear in a breach.
There is also a cool feature which will alert you should you be visible in any future breaches:
Ghost Project: https://ghostproject.fr/
Unlike the others, Ghost Project will give you a sneak preview of the passwords that have been stolen with the account. Since it’s yours, you could probably figure it out:
Spycloud gives a brief description of the breaches you are in and when the last one occurred. For more information you will have to spend a little money.
BreachAlarm is another free site which will let you know if your account has been involved in a breach. It will also let you know how many times it’s been compromised:
Hacked emails will let you search for past breaches. Here you could test a few sites you know you use. Especially if your company uses it a lot.
Once you have found the site, for example, you can search to see if your domain is high on the list.
Obviously, if this is a massive one, it will mainly be Gmail, but if you do see your company domain on there, you can panic a bit.
If you have Linux set up, you can use a tool called WhatBreach. To get things going you run the following:
git clone https://github.com/Ekultek/WhatBreach.git
cd WhatBreach
pip install -r requirements.txt
python whatbreach.py -h
Once installed, you can run a quick query on your account:
python whatbreach.py -e [email address] -d
To stop yourself from being blocked, you can use the --throttle 35 flag. If you have been compromised, you can try and view the breach on Dehashed. Here you can search for the breach or use your email address.
To view more information, you will need to pay a small fee.
If you do check and find that your credentials have been stolen, it’s advised to do the following:
- Identify which account has been breached and compare the credentials against the important services which you use. For example, if your account has been leaked/stolen for LinkedIn and you use the same password as you do for your banking, it’s best to change it asap.
- If it’s not important, still change it. Come on, it’s your account and it will only take a minute.
- If you haven’t already, enable MFA for all accounts. The risk is still there but at least you would be prompted if they do attempt to access your account.
- Pass on the message to a friend or family member. If you think they may be affected, it’s worth mentioning it to them. You may help prevent them from being attacked.
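The first two steps above can be worked through against a personal account inventory. The sketch below is an added example, not code from the original post or from any of the tools mentioned: the service names, passwords, key and the `triage` helper are all constructed for illustration. It groups accounts by a keyed hash of the password, so reuse can be spotted without storing the passwords themselves.

```python
import hashlib
import hmac

# Constructed sample data: the key, service names and passwords are made up.
LOCAL_KEY = b"constructed-demo-key"

def fingerprint(password: str) -> str:
    """Keyed hash so reused passwords can be grouped without storing them."""
    return hmac.new(LOCAL_KEY, password.encode(), hashlib.sha256).hexdigest()

# (service, password fingerprint, important?, MFA enabled?)
INVENTORY = [
    ("linkedin", fingerprint("Summer2016!"), False, False),
    ("bank", fingerprint("Summer2016!"), True, True),
    ("email", fingerprint("x9#Lq-unique"), True, True),
    ("forum", fingerprint("Summer2016!"), False, False),
    ("shop", fingerprint("another-one"), False, False),
]

def triage(inventory, breached_services):
    """Return (service, reason, enable_mfa) tuples, most urgent first."""
    breached = {s.lower() for s in breached_services}
    # Every password used on a breached service is treated as exposed.
    exposed = {fp for svc, fp, _, _ in inventory if svc in breached}
    actions = []
    for svc, fp, important, mfa in inventory:
        if svc in breached:
            reason = "breached"
        elif fp in exposed:
            reason = "reuses breached password"
        else:
            continue
        actions.append((svc, reason, important, not mfa))
    # Important services first, then directly breached ones, then by name.
    actions.sort(key=lambda a: (not a[2], a[1] != "breached", a[0]))
    return [(svc, reason, need_mfa) for svc, reason, _, need_mfa in actions]

if __name__ == "__main__":
    # Suppose a breach checker reported the LinkedIn account.
    for svc, reason, need_mfa in triage(INVENTORY, ["LinkedIn"]):
        note = " and enable MFA" if need_mfa else ""
        print(f"change password on {svc} ({reason}){note}")
```

The unimportant forum account still appears in the output, since it shares the exposed password.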
The second point is quite important, and I will tell you why.
A while back, I received several emails from “Hackers” saying that they had stolen my credentials and hacked my email account. Every email said that they had seen all the sites I had been on and that they had hacked my webcam. They demanded money, or they would share with all my friends and family members.
It looked convincing as they had spoofed my email and had included the password which was indeed one of mine. Unfortunately for them though, I knew where I used that password and knew it wasn’t from my email account. The reassuring factor in all of this was that I knew they didn’t have access to my email account because I have MFA set up. Even if the password was correct, MFA would have alerted me to any attempts they made. MFA is simple to set up and most sites have guides.
There should be no excuse not to do this, especially for important sites: https://ctrlaltdel.blog/2019/06/20/why-securing-your-email-account-is-important/