OCS banner and logo
Keeping clients' computers safe and profitable for over 30 years



Home Forms About Current Newsletter subscribe 
Search All Articles

Browse by Category


powered by pmc2m

 

How Many Times Were You Pwned?

Preview:

HaveIbeenpwned is a valuable Internet resource that maintains a database of companies that had account breaches. They have 674 breaches and over 12 billion breached accounts! Here's how to use the site to check your email address.


For an eye-opening view of whether your accounts have been breached, go to https://haveibeenpwned.com. The word pwn is pronounced like own.  So "PWN" is own with a p in front and pronounce, but the o missing and also pronounced. This breaks a rule I was taught in grade school that all words have at least one vowel. In any case it means to own or control someone or something. If someone routed another person in a game, you could say they pwned them. In this case, it means your account was compromised so someone else could control it.

This word, pwn, certainly counts as one of the best examples of the organic nature of language, creating words we couldn't dream of. The Merriam-Webster dictionary suggests this as the likely origin.

The word likely has its origin in a mistyping of own, what with the p and o being so close to one another on the QWERTY keyboard and all.

When I last went there (May 25, 2023) they displayed this information regarding the extent of their database:
  • 674 pwned websites
  • 12,576,062,746 pwned accounts
  • 115,747 pastes
  • 228,723,401 paste accounts

Notice that while there are 8 billion people on Earth, over 12 billion accounts were pwned. Pastes are lists on the dark web of email addresses from unknown places sometimes showing passwords as well.

Haveibeenpwned knows about 14 different companies that lost my email address. LinkedIn managed to lose my data twice! Adobe lost it as well. However, I'd never heard of 12 of the 14 different companies and I didn't have an account or any business dealings with them. They were data brokers. These brokers collect information for resale to spammers, marketers, other companies and anyone who might want to research you for identity theft or anything else.

What Information Do They Lose?

They could lose nothing but your email address, however, data brokers normally have much more information. For example Exactis lost my account and I'd never heard of them. They describe themselves as a: "compiler and aggregator of premium business & consumer data", which they sell.

The information they lost included: Credit status information, Dates of birth, Education levels, Email addresses, Ethnicities, Family structure, Financial investments, Genders, Home ownership statuses, Income levels, IP addresses, Marital statuses, Names, Net worths, Occupations, Personal interests, Phone numbers, Physical addresses, Religions, Spoken languages. They might not have had all that information on me, but that's what they collect and sell. On the other hand, Factual lost my information and only had: Email addresses, Employers, Phone numbers and Physical addresses.

Next month I will do an article about removing your data from data brokers.

Free Services

Haveibeenpwned provides some free services and I suggest you use them. Their services can't include every breach, but it does include a lot of them and most other companies that provide this service use their database.
  • Email address. They will show you how many leaked databases your email address was in. Just enter the email address and they'll report it.
  • Notify me. They will notify you if any of your email addresses appears in a new breach.
  • Domain search. If you own a domain like I do, then they'll notify you if anyone with that domain address appears in a new breach.
  • Who's been pwned? An alphabetical list of the 674 breaches in their database.
  • Passwords. Check and see if passwords were used and how many times. I found out that lifeisbliss was discovered 36 times and dusty89 389 times.
  • You can also look at what kind of information was exposed by the companies that lost your data.




Date: June 2023


Creative Commons License
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

 
 
  Please direct questions/suggestions about website to the webmaster