With data breach disclosures now almost a weekly occurrence, it’s becoming difficult to keep track of all the sites where your personal account details may have been exposed. Fortunately, there are several databases on the web where you can easily check.
Despite its hacker-slang name, HaveIBeenPwned is a very user-friendly site that aggregates leaked account data from over 200 compromised sites. They have cataloged over 2 billion leaked accounts and also monitor across thousands of “pastes” on the Dark Web – the bulletin board posts hackers often use to sell stolen data.
LeakedSource also aggregates leaked accounts data – over 2 billion accounts to date. A simple search by email address or login will reveal if the account has been compromised, when, and what data was included. You can even sign up to receive an alert if your information shows up in future leaks.
What to do if your account was stolen
If you discover that your account has been leaked, the next step is to ensure that you have changed your password since the the leak had occurred. Remember to avoid reusing passwords across multiple accounts to prevent credential stuffing attacks.
Keep in mind that it may take several years after the breach for the organization to become aware of and disclose the loss. This tool is not meant to replace good account security practices: create strong unique passwords for each account and use two-factor authentication if it’s made available by the service provider.