How to check if your password has been stolen?

Evgeny Pozdeev
Published in UDAPTOR
Jun 4, 2020

British Airways, MyHeritage and Equifax share, as far as we know, at least one thing: they have all stated that, after hacker attacks, the passwords of almost 240 million (!) users became available for purchase on the Dark Web. And those are only the cases where the incident became public; the total number of leaked passwords is most likely way larger.

Once passwords have leaked like this, it doesn’t really matter whether you had a strong password or yet another ‘qwerty123456’: if the company didn’t hash its passwords or add a so-called salt (a technique for storing passwords), access to the company database basically compromises all of them. However, many companies today provide users with an extra level of security. To name a couple, there is two-factor authentication and the ability to “subscribe” to notifications about logins to your account.
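To make the point about hashing and salt concrete, here is an added example (not from the original post) that compares what a leaked database reveals when passwords are stored as bare hashes versus salted, slow hashes. The user names, the common-password list and the iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: two users share the weak password from the article.
USERS = {"alice": "qwerty123456", "bob": "qwerty123456",
         "carol": "T7#long-unique-phrase"}
COMMON = ["123456", "password", "qwerty123456"]  # constructed common-password list
ROUNDS = 100_000  # kept low so the demo runs fast; production values are higher


def unsalted_hash(password):
    """Weak storage: a bare, fast hash with no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt=None):
    """Stronger storage: per-user random salt plus a slow key-derivation function."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)


def verify(password, salt, digest):
    """Login check against a salted record, using a constant-time comparison."""
    return hmac.compare_digest(salted_hash(password, salt)[1], digest)


def recovered_by_table(unsalted_db):
    """Users whose leaked unsalted hash matches a precomputed common-password table."""
    table = {unsalted_hash(p): p for p in COMMON}
    return {user: table[h] for user, h in unsalted_db.items() if h in table}


def compare_storage():
    weak_db = {u: unsalted_hash(p) for u, p in USERS.items()}
    strong_db = {u: salted_hash(p) for u, p in USERS.items()}
    table = {unsalted_hash(p) for p in COMMON}
    return {
        # Same password -> same hash: one lookup exposes every user who chose it.
        "weak_identical": weak_db["alice"] == weak_db["bob"],
        "weak_recovered": sorted(recovered_by_table(weak_db)),
        # Per-user salts make equal passwords look different and defeat the table.
        "strong_identical": strong_db["alice"][1] == strong_db["bob"][1],
        "strong_in_table": [u for u, (_, d) in strong_db.items() if d.hex() in table],
        "login_still_works": verify("qwerty123456", *strong_db["alice"]),
    }


if __name__ == "__main__":
    for key, value in compare_storage().items():
        print(f"{key}: {value}")
```

Salting does not make a weak password strong: it removes the shared lookup table, so each guess has to be recomputed separately for every user.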

But is there a way to check that your password is not on the “happy list” of passwords in some Dark Web store?

There are several resources where you can type in your email and see if the password was leaked. They are based on different sources (e.g. the Dark Web or Pastebin):
1) https://haveibeenpwned.com/
2) https://hacked-emails.com/
3) https://breachalarm.com/

Enable Password Leak Detection, a tool in Chrome: it uses pretty much the same mechanism as the previous option, but it is built into your browser and managed by Google. To make it work, type chrome://flags/#password-leak-detection into your browser’s address bar and change the setting from ‘Default’ to ‘Enabled’.

This is the third and last post regarding passwords! We saw quite a rise in your activity, so our team would be happy to prepare more engaging materials, for example on how two-factor authentication works or what password hashing and salt are. What do you think? Is there any topic that you would like to hear about? We hope you enjoyed our posts about passwords!
