Pawned Accounts

Hi. Craig Peterson here with a blink into the stolen account business, also known as “Pwning.” [Pronounced “poned” as in p-owned]
 
 
Pwned means that your account has been the victim of a data breach. Your username and password have been stolen from a third party.
 
 
There’s an easy way to find out if your account login has been stolen. Troy Hunt started, and still maintains, a website called haveibeenpwned.com.
 
 
He’s collected the records of almost 10 billion user accounts from the Dark Web. Think about that for a minute. If you have an online user account, the odds are that your account data is online.
 
 
And the bad guys are using this same information they’re finding on the Dark Web to send you phishing emails. Recently that’s included “ScareWare” emails threatening to release some information about you if you don’t pay a bitcoin ransom. To prove their point, they’re including your email address and password that they found online. I’m contacted by listeners every week because these emails are scary, but are best ignored.
 
 
How do you find out if you’ve been a victim of a data breach? Although it’s safe to assume that your information has been breached, you can just go to haveibeenpwned.com online.
 
 
Troy will let you enter your email address, and will search his database to see if your account information has been stolen. If he finds it, he’ll let you know which breach contained your information.
 
 

What to do?

 
Get 1Password. It’s the best password manager. Use it to automatically generate a new password for every online account you have.
 
1Password will also let you know if your new password or account gets compromised online.
 
 
 

How to protect yourself against being ‘pwned’?

1. Never use the same password for multiple site logins.

By using the same email and password combination, you are giving a key to hackers to enter every account that uses them as your login credentials.

Don’t give them entrance to everywhere because they were successful on one site. 

2. Make sure your new passwords are robust in quality

Don’t make a hacker’s job easy. 

You can find random password generators online.

My preference is to use a password manager. 1Password is the one I recommend. It allows you to create secure passwords and store them securely.

Never forget a password or login again and keep hackers out of your accounts.

3. Enable 2-factor authentication

Enabling 2-factor authentication (2FA) makes the process of logging into accounts more secure.

Adding another layer to your security is the purpose of two-factor authentication. 

My favorite two-factor authentication tool is DUO. You can find it at https://duo.com

4. Change passwords regularly

I recommend that you change your password at least once every six months. 

It will help protect your account if your info is compromised in a future data breach that might put you at risk.

To check if your email address is available to hackers and cybercriminals, go to Have I Been Pwned.
 
To check if your password is available to hackers and cybercriminals, go to Have I Been Pwned/Passwords.
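
The password check above does not require handing over the password itself: the Pwned Passwords range lookup takes only the first five characters of the password's SHA-1 hash and returns every hash suffix that shares them. This is an added example, not code from the original post or from Have I Been Pwned; the function names are illustrative, and the sample response and its counts are constructed so it runs offline.

```python
import hashlib

def split_hash(password):
    """Return (prefix, suffix): first 5 and remaining 35 hex chars of SHA-1."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def count_in_range(suffix, body):
    """Find our suffix in a 'SUFFIX:COUNT' response; 0 means not listed."""
    for line in body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if not sep or not count.isdigit():
            continue  # ignore blank or malformed lines
        if candidate.upper() == suffix:
            return int(count)
    return 0

def pwned_count(password, fetch_range):
    """fetch_range(prefix) -> response text. Only the prefix is handed over."""
    prefix, suffix = split_hash(password)
    return count_in_range(suffix, fetch_range(prefix))

# --- Constructed stand-in for the service, so the example runs offline. ---
# The live lookup is an HTTPS GET of https://api.pwnedpasswords.com/range/<prefix>.
SEEN_PREFIXES = []

def constructed_fetch(prefix):
    SEEN_PREFIXES.append(prefix)  # record what would have left the machine
    lines = ["0" * 35 + ":12", "not a valid line", "F" * 35 + ":0"]
    known_prefix, known_suffix = split_hash("password")
    if prefix == known_prefix:
        lines.insert(1, known_suffix.lower() + ":3")  # count is made up
    return "\r\n".join(lines)

if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple 9!"):
        hits = pwned_count(pw, constructed_fetch)
        print(repr(pw), "-> listed" if hits else "-> not listed", hits)
    print("sent to service:", SEEN_PREFIXES)
```

To run it against the real service, replace `constructed_fetch` with a function that performs the HTTPS GET named in the comment and returns the response text.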