Have You Been “Pwned”?
We always seem to be talking about another security breach or hacked web or email accounts and so on. Many of us have multiple email addresses and it would probably be good to know if any of our many different email addresses have been hacked (or pwned).
You pronounce pwned as p-owned as it is an abbreviation of professionally owned. “Owned is a slang word that originated among 1990s hackers, where it referred to “rooting” or gaining administrative control over someone else’s computer. The term eventually spread to gamers, who used the term to mean defeat in gaming.”
Here’s a free website that will search your email address and report when and where your email was “pwned”. This site will even notify you when future pwnage occurs and finds your email account has been compromised.
What is the site all about?
This site came about after what at the time, was the largest ever single breach of customer accounts — Adobe. Post-breach analysis of user credentials kept finding the same accounts exposed over and over again, often with the same passwords which then put the victims at further risk of their other accounts being compromised.
The FAQs page goes into a lot more detail, but all the data on this site comes from publicly leaked “breaches” or in other words, personal account data that has been illegally accessed then released into the public domain. Have I been pwned? aggregates it and makes it readily searchable.
Why build the site?
This site serves two primary purposes: firstly, it obviously provides a service to the public. Data breaches are rampant and many people don’t appreciate the scale or frequency with which they occur. By aggregating the data here, it not only helps victims learn of compromises of their accounts, but also highlights the severity of the risks of online attacks on today’s internet. Secondly, the site provided its developer, Troy Hunt, with an excellent use case for putting a number of technologies through their paces and keeping his hands-on skills somewhat current.
Who is behind Have I been pwned?
I’m Troy Hunt, a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security, blogger at troyhunt.com, international speaker on web security and the author of many top-rating security courses for web developers on Pluralsight.
I created Have I been pwned? as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or “pwned” in a data breach. I wanted to keep it dead simple to use and entirely free so that it could be of maximum benefit to the community.
Short of the odd donation, all costs for building, running and keeping the service currently come directly out of my own pocket. Fortunately, today’s modern cloud services like Microsoft Azure make it possible to do this without breaking the bank!