Have I Been Pwned

Who Owns You?

Tue Dec 26 22:30:20 2017

Have you been Pwned? How would you know if you have been Pwned? What is Pwned anyway? There is a definition of pwned on Urban Dictionary that highlights where the word's origins come from and why it means to be owned in the online world:

"A corruption of the word "Owned." This originated in an online game called Warcraft, where a map designer misspelled "owned." When the computer beat a player, it was supposed to say, so-and-so "has been owned."

"Instead, it said, so-and-so "has been pwned."

"It basically means "to own" or to be dominated by an opponent or situation, especially by some god-like or computer-like force."

To be Pwned is to be owned: in common computer terminology, if your username or password has been taken and shared over the internet, you have been pwned (owned).

Are my Details Safe?

We all log on to a huge number of sites and services in the modern world, whether by using the OAuth protocol beloved of many social media sites and of those sites that allow you to log in using your social credentials, or via an email and password. The simple fact is that there is little chance that we haven't logged on to a service that has then suffered some breach, and as we sign into more of them the risk increases.

In the last few years we have seen a number of high-profile breaches, such as 3 billion Yahoo details, 70 million plus Uber details, and millions of Equifax details, and these are just the tip of the cyber-information iceberg.

Then there are the many unreported breaches: security officers who sell details from third-party services located in database repositories with questionable security protocols. When you subscribe to a free service with an insecure business model, someone is going to cut corners. Security and auditing are often amongst the first victims.

How do I know if it happened to me?

In the computer industry we tend to have this phrase:

"There are two types of company: those that have been hacked, and those that know they have been hacked."

The same is likely true of one of your emails or usernames. This is especially so if you have had more than one, if they are insecure, or if you have used them on a site that has suffered a breach and used similar details elsewhere. Even if the site encrypted your password, the username gives an attacker a chance to use social manipulation to get at your password.

So how do you check if you are a victim? How do you check if one of your emails or usernames is known? If so, how do you check which sites are affected, so that you can change your details?

Pwned

There is a great site that can help you to start on this pathway. Head over to Have I Been Pwned (https://haveibeenpwned.com/), a website that regularly updates a list of known breached sites and emails and gives you a report on them. It is free, and it checks millions of sites and hundreds of breached lists. This is an essential first step to securing yourself. They have over four billion pwned accounts in their lists, so it is a great resource. Most importantly, they list all the major breaches very quickly, so you can see if you have an issue.

The site even allows you to sign up for alerts if your details appear at a future date, allowing you to keep a vigil on your details.

I am going to assume that you have all read my discussion on password security and the use of unique passwords for each site you visit, coupled with the use of a password manager. Using the information from this very useful website, you can also target which passwords and sites to change first if they have been breached. Even if you use unique, complex passwords and they are encrypted by the site's owners, if there is a breach you are best changing them to be secure.
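
As an added example (not part of the original post or of Have I Been Pwned's own code), the prioritisation described above can be sketched as a small script that ranks which passwords to change first. The breach records, the password-manager export layout and the `pw_group` field are constructed assumptions; only the field names Domain, BreachDate and DataClasses follow the Have I Been Pwned breach model.

```python
from datetime import date

# Constructed breach records using field names from the Have I Been Pwned
# breach model (Domain, BreachDate, DataClasses); the breaches are made up.
SAMPLE_BREACHES = [
    {"Domain": "forum.example", "BreachDate": "2016-05-01",
     "DataClasses": ["Email addresses", "Passwords"]},
    {"Domain": "shop.example", "BreachDate": "2015-03-10",
     "DataClasses": ["Email addresses", "Passwords"]},
    {"Domain": "news.example", "BreachDate": "2017-08-20",
     "DataClasses": ["Email addresses", "Usernames"]},
]

# Hypothetical password-manager export: when each password was last changed,
# and a pw_group label shared by entries that use the same password.
SAMPLE_VAULT = [
    {"domain": "forum.example", "changed": "2015-01-01", "pw_group": "A"},
    {"domain": "shop.example", "changed": "2016-01-01", "pw_group": "B"},
    {"domain": "news.example", "changed": "2014-06-01", "pw_group": "C"},
    {"domain": "bank.example", "changed": "2014-02-01", "pw_group": "A"},
    {"domain": "mail.example", "changed": "2017-01-01", "pw_group": "D"},
]

def triage(breaches, vault):
    """Return (priority, domain, reason) tuples, most urgent first."""
    exposed, ids_only = {}, set()
    for b in breaches:
        when = date.fromisoformat(b["BreachDate"])
        if "Passwords" in b["DataClasses"]:
            # Keep the latest breach date that leaked passwords per domain.
            exposed[b["Domain"]] = max(exposed.get(b["Domain"], when), when)
        else:
            ids_only.add(b["Domain"])

    def stale(e):  # password was already in use when the breach happened
        hit = exposed.get(e["domain"])
        return hit is not None and date.fromisoformat(e["changed"]) <= hit

    burned = {e["pw_group"] for e in vault if stale(e)}
    plan = []
    for e in vault:
        if stale(e):
            plan.append((1, e["domain"], "password exposed and not changed since"))
        elif e["pw_group"] in burned:
            plan.append((2, e["domain"], "same password as a breached site"))
        elif e["domain"] in ids_only:
            plan.append((3, e["domain"], "email or username exposed"))
    return sorted(plan)
```

Calling `triage(SAMPLE_BREACHES, SAMPLE_VAULT)` puts forum.example first, then bank.example (which shares the forum password), then news.example; shop.example is not listed because its password was changed after that breach.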

Good luck and keep safe.
