Have You Been pwned?
Jeff Wolverton
www.haveibeenpwned.com is a website that allows internet users to check whether their personal data has been compromised in data breaches. It was launched in 2013 by security expert Troy Hunt to raise awareness of how often data breaches happen. The term “pwned,” often used in video games, signifies that someone has been controlled or compromised. In simple terms, it means that your personal data has fallen into the wrong hands through hacks or leaks. This invaluable service operates solely on donations, offering free access to its extensive database. As of September 25, 2023, it has cataloged 705 pwned websites and 12,681,487,304 pwned accounts.
Why Do Websites Have Data Breaches
According to Kaspersky, the vast majority of data breaches stem from stolen or weak login credentials. Once cybercriminals decipher the combination of usernames and passwords, they gain unhindered access to networks. Although small to medium-sized businesses (SMBs) are often targeted, major corporations have also fallen prey to these malicious actors. Below are the primary reasons behind data breaches:
- Weak Security Practices: Companies lacking robust security protocols are more susceptible to data breaches.
- Lack of Awareness: Employees may not stay up to date with the latest cyber threats or know how to safeguard themselves.
- Budget Constraints: Small and medium-sized businesses may struggle to allocate resources for comprehensive security solutions.
Popular Data Breaches
Haveibeenpwned.com continues to provide daily updates with the most recent data. One of the latest cyberattacks added to the website occurred on September 20th. Remarkably, this breach initially took place in 2016 and remained concealed for seven years before hackers decided to sell the information in September 2023. They managed to acquire 363,000 unique email addresses, along with usernames, IP addresses, dates of birth, and salted MD5 password hashes. The most substantial breach to date, “Collection #1,” occurred in January 2019, when a vast collection of email addresses and passwords surfaced on a notorious hacking forum. This compilation included over 2.7 billion records, encompassing 773 million unique email addresses and associated passwords. In addition to these incidents, major corporations such as Facebook, Comcast, Domino’s, and LinkedIn have also fallen victim to data breaches.
What to Do if You’ve Been Pwned
If you discover that your data has been compromised, take the following steps to safeguard your information:
- Reset Your Password: Change the password associated with the affected email or account immediately.
- Enable Two-Factor Authentication (2FA): Enhance your account security by enabling 2FA, which provides an extra layer of protection even if your password is leaked.
Seek professional guidance if this happens to your business. Contact us at PivIT Strategy to assess the extent of the damage and receive support on preventing future breaches. Once your information has been exposed, there’s no turning back, so it’s crucial to act swiftly to protect yourself.
Jeff Wolverton
Jeff, the CEO of PivIT Strategy, brings over 30 years of IT and cybersecurity experience to the company. He began his career as a programmer and worked his way up to the role of CIO at a Fortune 500 company before founding PivIT Strategy.