Monthly Archives: December 2015

Sites to Check if your email has been compromised in a data breach


Have you heard about the data breach? Is data leaked online and public? Are you a member of the website and want to know that you are a part of a leak?

Then these sites will help you to know.

  1. haveibeenpwned.com

hibp

The site allows you to enter an email address to see if it is compromised in a data breach for free of charge. It is developed by Troy Hunt, a Microsoft MVP awardee for developer security, international speaker and the author on Pluralsight.

If your email is not compromised, then you will get such message.

hibp-check

No pwnage

Otherwise, you will see details of the pwnage.

hibp-check-fail.png

Pwnage found!

The site also provides a free notification service through email, if the future data breach occurs and your account is compromised.

hibp-notify.png

If you want to find emails on a particular domain, you need to go through the verification process.

hibp-domain

It also provides an API which allows the list of pwned accounts to be quickly searched via a RESTful service.

2. breachalarm.com

Breach-Alarm.png

The site provides a service that allows you to check if your email has been posted online, and sign up for email notifications about future password hacks that affect you.

Once you enter your email id, it will show you message on the screen saying they will record your IP for records.

Breach-Alarm-check.png

If your email is not found in the leaks then you will get an appropriate message.

Breach-Alarm-check-safe

Otherwise, you will see a generic message with the date of the recent breach.

Breach-Alarm-check-fail

The site provides “Email watchdog” service which falls in 2 categories.

Individuals and Families where they cover the number of email Id(s).

Breach-Alarm-paid

Business where they cover a domain. Companies that subscribe the service are notified when any of their email addresses appear in a data breach.Breach-Alarm-domain.png

They also provide API which enables third parties to check the breach status of email addresses or domain names. It is a paid service.

3. pwnedlist.com

pl-site.png

Before using the service, you need to do sign up.

pl-site-signup.png

Once you verify your email id, your email will be added into the watchlist. You can then monitor up to 3 email Ids at no charge.

pl-site-watchlist.png

There is no way to know whether you have been compromised in the existing data breaches.

Please comment down here if there are any similar services, I’ll review and add them to this post.

I’ll say that data breaches will happen, but you always try to secure from your side. I’ll recommend using strong and unmemorable password for each account. Use password managers like Keepass, Lastpass, 1password etc to keep track of all that information. Wherever possible turn on 2 step authentication. Use services like Abine to mask your email id and use it on the sites you don’t trust.