Hacking, malware, and phishing attacks are just some of the ways your private accounts can become compromised. When they are, your personal data is exposed — including your private communications and financial information. That makes the theft of these credentials big business for cyber criminals. After all, in the digital age, nothing is more valuable than your data.
The most clear example of this is the big tech data economy. Companies like Google or Meta hope to mine relevant data from your age, location, and online activities — information we willingly give up through accepting the terms of service that allow us to make use of their search or social media platforms. This will typically be used to target you with more relevant ads, and is generally seen as a fair compromise to make use of their services for free.
However, there exists a darker side to the data economy that profiteers off of the private data of users, sold and traded across the darker corners of the World Wide Web. In these places, your private information (typically compromised through unethical hacking and phishing methods) can be used as a launch pad for further illegal activities like identity theft or to gain access to your financial information — and it all starts with your username and password.
How to check if your email or password has been compromised
Lists of user credentials sold and traded online can contain millions of entries, with one of the largest data breaches like this containing username and password information for over 727 million accounts. As of 2022, it's estimated that there are over 24 billion credentials circulating on the dark web and online.
Recent examples of these data dumps include the 100,000 OpenAI accounts that were compromised and sold on the dark web last year. More recently, a cache of user credentials was uncovered containing the usernames and passwords of over 70 million users across sites like Facebook, eBay, and more.
Data dumps like this pose a significant threat to anyone with an online presence, no matter how big or small. That's why it's vital that services exist to help inform you if your information is currently circulating within them.
Below are some of the options available online that provide such services.
1. HaveIBeenPwned.com
Credential breach repository "Have I Been Pwned?" is one of the most expansive and up to date libraries of compromised email addresses online. It currently holds records of nearly 13 billion emails that have appeared in data breaches.
After navigating to the website, enter your email into the search bar and hit search to check if it features in any known breaches. If it does, the site will inform you of which breaches, and when.
This information is vital to tracking where your information became compromised, and how long ago it happened. If it was recent, then a change of password is urgently needed.
2. Hasso-Plattner-Institut Identity Leak Checker
Similar to "Have I Been Pwned," the Hasso-Plattner-Institut is another credential breach repository with over 13 billion compromised accounts tracked across nearly 2,000 data dumps.
Every day, Hasso-Plattner-Institut adds over a million compromised accounts to its records and is the most comprehensive lists available online. To check if your information is found in this database, you'll need to enter your email address on the HPI Identity Leak Checker page.
Unlike "Have I Been Pwned," the results of your search will be sent to the email address in question, where you'll be informed of any threats including where they came from and when.
3. Leakpeek.com
LeakPeek has a smaller library of data breaches to its name, but it does offer an expanded search that includes usernames, passwords, phone numbers, full names, and even images of your face.
The LeakPeak database is still over 8 billion entries strong, and the ability to search by username or password can help you gain more insight on how to better protect yourself and your data online.
If you use the same password across multiple logins, then being able to check if that is a part of the compromised data lets you know its time to retire it and start over with something fresh and more secure.
Using the LeakPeek website is similar to "Have I Been Pwned" and the Hasso-Plattner-Institut. Simply navigate to the Leakpeek homepage and select your search option, before entering your email, username, password, or full name into the search box and hitting search.
