Have you been pwned? (Relax, old people, that's really really old slang for "owned", which translates in modern-geek to "hacked")
In just the last few weeks of 2016, millions of passwords have been leaked across the net. I'm sure someone has a list somewhere, but I can think of the following just off the top of my noggin:
- MySpace - 360 million usernames and passwords stolen.
- LinkedIn - 165 million usernames and passwords stolen.
- Gmail, Yahoo, Outlook.com - 273 millions usernames and passwords stolen combined across these services.
- Tumblr - 65 million usernames and passwords stolen.
- Twitter - no major system wide hacks, but thousands per day.
- Facebook - hundreds of thousands per day are hacked.
The smart thing to do, if you use one of these services, is to change your passwords whether you think you were hacked or not. But what if your login credentials were stolen in another hack, such as the Adobe hack a couple years back. I was... don't look shocked. If hackers can gain access to certain parts of a system that's not properly secured, they can get ALL KINDS of information. Your password being super strong doesn't do you any good if someone actually knows what it is. That only helps if they're trying to guess what it is, but if they have your name, email, and password on a list they paid for off the darknet, your security is pretty much toast.
Here's my own pwnage results from my work email account:
Yup, apparently my work email login and password was stolen when Adobe was hacked back in 2013.
How to know if you've been pwned?
Rule #1: Always assume you were and change your passwords.
Rule #2: Don't be so ignorant as to use the same password for any two sites. If you do, you deserve whatever is going to happen to you. Seriously... it's 2016. Wake up.
You can check to see if your email account or username was breached in any of the majorly publicized hacks on sites such as:
Simply enter your email address or username and press the "pwned?" button. This will compare your info to the list of website hacks these guys have downloaded and accumulated. If you email appears, they'll even tell you what hacks you were affected by, so you know for sure what accounts to keep an eye on.
Here is a screenshot of my own account on LinkedIn. Sure enough, my account was compromised in the breach last month! (Time to go change passwords again)
If you're feeling curious, enter your friend's/spouse's email addresses and see what hacks they were affected by while you're at it.
Just a public service announcement from the guys here at Twisted Networx!
