How to Use 'Have I Been Pwned' Website to Protect Your Data
In this Unscammable podcast episode, we learn about a tool that helps us deal with data breaches—more specifically, how we can protect ourselves when our data has been part of a breach. We are discussing a website that has been a Gluu favourite for years— "Have I Been Pwned." Yep, that’s actually what it’s called (the definition of "pwned" is below). Take a listen to our discussion about how safe the haveibeenpwned.com website is and how you can use it as another tool to protect your digital life. Let's dive in.

Quick Summary of This Unscammable Episode
Here's a bullet list of the highlights from this episode:
- Data breaches happen all the time, and we need to get used to it: They're so common that they don’t even seem to make the news anymore. But that doesn’t mean we should ignore them. It’s critical to know if your data has been part of a breach because that means it's probably been seen by cybercriminals.
- Use the HaveIBeenPwned.com website: This clever website lets you check if your email or password has been caught in a data breach. It's not just to freak you out but to help you know what accounts you need to lock down with a new password immediately. You can even sign up for notifications so you don't have to keep checking the site.
- This website has a lot of records: HIBP has counted over 12 billion stolen accounts. Troy Hunt and his team scan the dark web and hacker forums looking for compromised information. The website is free to use, so it's like having your own private dark web detective.
- Get notified if your data is part of a breach: You can sign up for future breach notifications, so you don't have to check back on the site constantly. We admit it gets a little addicting.
- A solid budget to get proactive: No matter what your results on this website are, use them as a push to beef up your digital security regime. Use strong, unique passwords on every site. Just make your life easier and get a password manager. Enable two-factor authentication on all the accounts you can, and don't click on any links in emails and texts unless you are 200% sure they are legit. Simple steps = big impact.
What Does “Pwned” Mean?
Pwned means your data or online account has been compromised, usually by hackers in a data breach. The term started as a typo of the word “owned” in the gaming world, but since the popularity of the haveibeenpwned.com website, it now commonly means your data has been exposed, often due to a data breach.
Transcript
Here’s the transcript from this episode. A little background about our podcast “hosts”. We call them Izzy and Will—not to make them more human, but to make them easier to talk about. 😉🤖
Will: All right, everybody. So let's face it, data breaches, they're like a daily occurrence now.
Izzy: Yeah, pretty much.
Will: It's almost like, not even news anymore. How do we know if we've been caught in one of these data breaches?
Izzy: Right.
Will: That's what we're diving into today. We're looking at Have I Been Pwned.
Izzy: Yeah.
Will: Get ready to become your own data detective, everybody.
Izzy: It's funny you should say that because I think a lot of people feel powerless when it comes to data breaches. Oh totally, you know, like what are you gonna do?
Will: Yeah,
Izzy: But Have I Been Pwned puts that power back in your hands.
Will: Okay, so tell us a little bit about it for people who've never heard of it. What is Have I Been Pwned?
Izzy: So Have I Been Pwned or HIBP, as we'll call it for short, is essentially like a search engine for your data. So you enter an email address or a phone number, and it searches all of these databases of compromised information.
Will: And it'll tell you if you're in there.
Izzy: And it'll tell you if you're in there. And we're talking billions of records here.
Will: Billions. To put that into perspective, HIBP has indexed over 12 billion accounts. Wow. It's a lot.
Izzy: That's wild.
Will: Yeah. So
Izzy: 12 billion with a B. Okay, so we're talking some serious numbers here. But before we even get into how it works and everything, tell me a little bit about the story behind Have I Been Pwned? Who's the brainchild behind this? Who decided to create this digital guardian for all of our data?
Will: Yeah, so that would be Troy Hunt. He's a cybersecurity expert who saw that there was a real need for this kind of tool. Yeah. And I think what's really inspiring about it is that it started as a personal project. Just one guy who had the skills and was driven enough to actually make it happen.
Izzy: I love that. That's a really cool story. So speaking of how it works, I mean, does this thing have like little digital robots going through the dark corners of the internet and like, you know, sussing out all of our information and seeing if it's been compromised? How does it work?
Will: Yeah, you're on the right track there. So, HIBP gathers data from a variety of different sources, one of those being the dark web. Have you heard of this? Oh yeah, for sure.
Izzy: Okay, so, the dark web is essentially a hidden part of the internet. Right. Where a lot of illegal activity takes place, including the buying and selling of stolen data. Makes sense. So, it'll tap into hacker forums. Right. Analyze publicly leaked information, that kind of thing.
Will: So, HIBP is like undercover.
Izzy: Yeah.
Will: In the digital world. Trying to protect us. That's kind of awesome.
Izzy: Yeah.
Will: And scary at the same time.
Izzy: Yeah, it is a little bit unnerving, but it's important to remember that HIBP is firmly on the side of the user, you know?
Will: Okay, good.
Izzy: They're committed to ethical hacking.
Will: Okay.
Izzy: Which basically means that they're using their skills to expose vulnerabilities and help people protect themselves. Right. And they have really strict policies in place to protect your privacy, they're not storing your searches, they're not revealing your sensitive information like passwords or anything like that.
Will: Okay, that's good to know. Yeah, because I feel like, you know, I mean, the name alone, Have I Been Pwned? It sounds a little
Izzy: Yeah, it sounds a little sketchy.
Will: Yeah, a little sus.
Izzy: Yeah. Yeah. Yeah.
Will: But it's good to know that it's all above board.
Izzy: Oh, yeah. They're totally rigid.
Will: Okay, good. So, we know it tells us if our info's been compromised.
Izzy: Yeah.
Will: Are there other things that HIBP can do?
Izzy: Oh, yeah.
Will: Are there, like, cool features?
Izzy: Yeah, definitely.
Will: Okay.
Izzy: Definitely.
Will: So, tell me, what are these cool features? What else can it do?
Izzy: Well, one of them is the Passwords tool.
Will: Okay.
Izzy: So, have you ever, like, wondered, you know, if a password you've used.
Will: Oh, yeah.
Izzy: Maybe one you've used for years.
Will: Oh.
Izzy: Has shown up in a breach.
Will: Oh, absolutely. I'm sure we've all been there.
Izzy: Well, this tool will tell you. Oh, wow. If that's the case.
Will: Really?
Izzy: Yeah. And it really highlights how important it is to use unique passwords for every online account that you have.
Will: Oh, for sure.
Izzy: Because if you think about it, if just one of those accounts gets compromised, and you're using that same password everywhere else, you're in trouble.
Will: Yeah, you're kind of handing over the keys to everything.
Izzy: Exactly. Yeah, it's not good.
Will: Right. Don't put all your eggs in one basket, as they say. Exactly.
Izzy: Don't put all your digital eggs in one basket.
Will: Exactly. Okay, what else? Is there anything else?
Izzy: Another really cool feature is the future breach notification.
Will: Oh, what's that?
Izzy: So, you can sign up with your email address.
Will: Oh.
Izzy: And then, HIBP will actually send you an alert if your information shows up in any new data breaches.
Will: Oh, wow.
Izzy: Yeah. So, it's like you have your own little, like, security guard. Monitoring the dark web 24/7.
Will: Okay, so you're not, like you said, just obsessively checking every day to see if you've been compromised.
Izzy: Yeah. You don't have to be refreshing it all the time.
Will: Okay. Okay, that's really good to know. So let's say, hypothetically, you go on, you check out Have I Been Pwned, and you find out that your email has been part of a breach. What do you do? Like, what are the steps that you should take?
Izzy: Well, first of all, don't panic. You know, it's actually really common. A lot of people when they first use it, something will show up.
Will: Oh!
Izzy: And they're like, oh my gosh! Yeah. It's like we've all probably been part of a breach in some way or another.
Will: Yeah, that's true.
Izzy: But the important thing is to take action. Okay! So the first and most important step is change your password.
Will: Okay.
Izzy: Immediately.
Will: On that account.
Izzy: On that account. Yeah. And don't just change it to, you know, something easy to remember. Make it strong and unique. Okay. And this is where a password manager can really come in handy. Oh yeah, for sure. Because who can remember all these crazy passwords?
Will: I can't. It's impossible.
Izzy: Okay. Yeah, that makes sense. But I do think like going back to data breach thing. Yeah. A lot of people think, Oh, my email was in a breach. It's fine. Like whatever. But it's not always just your email, right?
Will: No, you're absolutely right.
Izzy: But what else?
Will: So a lot of times these data breaches aren't just isolated incidents. They are kind of
Izzy: could be a bigger thing. Yeah, it's like a puzzle. They're trying to piece together all these little bits of information. And sometimes it's not even anything that seems that important, you know, like, just to think about it. Like you signed up for a loyalty program a while back at your grocery store.
Will: Sure.
Izzy: And you gave them your email address and your birthday to get those, you know, discounts on your groceries. Totally. Yeah. And then a few months later, that grocery store, their data gets breached. Oh no. And you might think, well, it's just my email address and birthday. No harm done. Yeah. But then imagine like a year later, Okay. There's a breach at your online bank.
Will: Oh, God.
Izzy: And you were using the same password.
Will: Oh, no!
Izzy: For that grocery store loyalty program. Suddenly, that seemingly unimportant information is a lot more important.
Will: Yeah, you're putting the pieces together. Oh my gosh, that's scary.
Izzy: So, hackers now, they have your email address, which is often used as a username, and they have a password that you use for a sensitive account, like your bank.
Will: Okay, so they only need a couple pieces of the puzzle, and then they can really do some damage.
Izzy: Exactly. And this is why HIBP is such a good tool. Because it's about understanding.
Will: Right.
Izzy: You know, how these things are all connected.
Will: Okay, that makes a lot of sense. So speaking of what can people do to be more proactive about their online security? Yeah. I mean, after this, should we all just, like, unplug from the internet?
Izzy: I know, it's And,
Will: you know, like, go live in a bunker somewhere?
Izzy: I mean, hey, if that's your thing, go for it.
Will: Yeah.
Izzy: But I don't think it's practical for most of us. Okay. But the good news is, there are a lot of simple things that you can do to protect yourself.
Will: Okay, good. Yeah. Okay, good. So we don't have to go totally off the grid.
Izzy: Yeah.
Will: What can we do? What are some simple things?
Izzy: So start with the basics. Create strong, unique passwords. Right. For every online account.
Will: Okay.
Izzy: And I know we touched on this earlier, but seriously, consider using a password manager. It seems like one of those things that's kind of a pain to set up.
Will: Yeah, it feels like an extra step.
Izzy: Yeah. It's so worth it because it takes all of that mental load off of you.
Will: Okay. Yeah. It would be one less thing to think about.
Izzy: Exactly.
Will: You've convinced me. I'm going to try out a password manager.
Izzy: Yes. Do it.
Will: Okay.
Izzy: Okay. And then another really crucial step is enable two factor authentication wherever possible.
Will: You know, I've heard of two factor authentication, but to be honest, I don't think I fully understand how it works. Can you break that down a little bit?
Izzy: Yeah, so basically, two factor authentication, or 2FA, adds an extra layer of security by requiring two different forms of identification to access your account. Okay. So, it's not just your password, but it's also something that you have, like, a code that gets sent to your phone. Right. Or, you know, maybe an authentication app. Right. So, even if something gets your password. Right. They still can't get into your account.
Will: Yeah. Okay. That makes sense.
Izzy: Yeah. So, it's kind of like a double lock on your, you know, digital door.
Will: I like it. Double lock it up.
Izzy: Exactly. And the good news is that these days, most online services. They do offer two factor authentication.
Will: They do?
Izzy: Oh, yeah. It usually just takes a couple of minutes to set up.
Will: Okay.
Izzy: But it can make a world of difference.
Will: Okay, so two factor authentication. Check.
Izzy: Check. Strong passwords.
Will: Check.
Izzy: What else? Be wary of phishing emails and text messages.
Will: Oh, yeah.
Izzy: Big point. You know, these are the ones that are trying to trick you into giving up your personal information. Yeah. And just remember that, you know, any legitimate company is never going to ask for your password or any sensitive information over email. So if something seems a little off, trust your gut.
Will: Yeah. If it seems too good to be true, it probably is.
Izzy: Exactly. Right. And then finally, just be mindful of what you share online. Yeah, the less information that's out there.
Will: The better.
Izzy: Yeah. Be careful about that digital footprint.
Will: Exactly.
Izzy: Okay, well this has been really eye opening. I have to say, at the beginning of this, when we were talking about, have I been pwned? I was a little nervous to even go and check.
Will: Yeah, I get it.
Izzy: But now, I feel like
Will: Empowered.
Izzy: Empowered. Yeah, like I can actually do something to protect myself.
Will: That's what we want. That's what we want. Yeah. Because knowledge is power. Right. The more you know, the better you can protect yourself.
Izzy: Totally.
Will: Yeah.
Izzy: So to all of our listeners out there, we're going to link Have I Been Pwned in the show notes.
Will: Yes.
Izzy: Go check it out. See if your information has been compromised.
Will: It's free. Takes two seconds.
Izzy: It's free. It's easy.
Will: Super easy. And for those of you who want to take it a step further, we'll also link some information about password managers. Yes. How to set up two factor authentication.
Izzy: Love it.
Will: All that good stuff.
Izzy: Awesome. Okay. So everybody go forth be safe out there on the world wide web.
Will: Be safe.
Izzy: And we will see you next time.
About the Artificial Intelligence Tool Used in This Podcast
We used Google NotebookLM for this podcast—it’s a cool AI experiment that dives into documents. The voices are totally AI. Just two hosts chatting about Ms. Fawcus' work. The best part? Everything you hear comes straight from her research—no made-up AI stuff sneaking in. We have also edited for accuracy.
Sure, our AI hosts might stumble over a word or two and throw in some "likes" and "rights," but the result is incredibly realistic. It feels like you’re listening to real people in a studio. It’s amazing how far this tech has come.