Haveibeenpwned.com is a website that allows us to verify if our email has been compromised by any theft of information that also leaves the password exposed. It is based on the attacks that different companies such as Adobe, Yahoo and Sony have received in recent times, which in total affected more than 150 million users.
The tool was created by researcher Troy Hunt and only verifies if the email address was in any of the stolen databases that were later published on the internet. If so, any attacker could have access to the password for that account and if it is the same as that used in other services, you can imagine what might happen.
In fact, when Troy started creating the site, comparing the data, he detected that many of the users repeat the passwords in the different services. For example, 59% of affected Yahoo users used the same password on their Sony accounts.
These major attacks and thefts of information have occurred in the last 3 years, the most recent being that of Adobe where 153 million accounts were compromised. The problem was so serious that even companies like Facebook forced users to change their passwords if they detected that they used it in the stolen Adobe account.
Haveibeenpwned.com is not the only tool in its class, some security companies also released theirs at the time so that users can quickly verify if their information is among the stolen data.
Lastpass, the renowned password manager, also published a website lastpass.com/adobe/ where, based on the stolen information from Adobe, we can verify if we are one of the victims:
It even informs you how many people used your same password in their Adobe accounts and sent it to you by e-mail in case you didn't remember it.
In my case this functionality came to me like a finger because I had an Adobe account that I did not use years ago and did not remember the password. In this way I was able to retrieve it easily and since I did not use it in any other internet service I did not have to worry too much.
The interesting thing about Haveibeenpwned.com is that collects emails from various databases, not only that of Adobe and in the future the creator plans to continue adding more. It is clear that if one never made an account in these services that were attacked, there is no reason to worry, but when in doubt, the tool can be very useful.
At the same time it could be used with malicious intent, although it does not store passwords, an attacker could quickly check if their victim's e-mail is exposed and then it would be a matter of searching the internet for complete databases to download them.
This is one more reason why avoid using the same password for everythingWell, if they steal one, they can end up hacking us all our lives on the internet. At least different passwords will have to be used for the most important services such as e-mail, social networks and banking services.
If the problem is remembering them, you can go to password managers like LastPass that works directly in the browser or KeePass that is a desktop program compatible with Windows, Linux and Mac that also has some clones for mobile devices such as KeePass2Android and several others for iOS.