
Jun 10, 2016

How to Find Out if an Account Has Been Hacked


The recent disclosure that Mark Zuckerberg’s own Facebook account password was hacked this week should set off alarm bells for anyone who’s ever created an online account. You have to wonder: if the Facebook founder’s email and password aren’t safe, then what is?

In case you haven’t heard, last weekend Mark Zuckerberg’s Twitter and Pinterest accounts were briefly hacked by a group calling itself OurMine. They demonstrated it by announcing his lame password on his Facebook timeline.

No, Facebook wasn’t hacked. Zuckerberg’s email and password were part of a LinkedIn database that was actually hacked back in 2012 (along with up to 167 million others) and only posted online in May this year. Since then, hackers have been having a field day with them.

So if Zuckerberg’s LinkedIn account was hacked, why did it affect his Facebook and Pinterest accounts?

It’s because he used the same lame password for all of those accounts.

And he never changed it after LinkedIn announced they were hacked.

…Since 2012.

Apparently Zuckerberg is guilty of password laziness – using the same lame passwords on multiple accounts.

He’s not alone. Along with millions of others who are getting hacked for using lame passwords, Drake, Kylie Jenner, and even Evan Williams, co-founder of Twitter, have also been exposed in the last week.

 

Should you be concerned?

If you use a lame password (see Microsoft Finally Bans Easy-Stupid Passwords) and/or use the same password—lame or strong—on multiple online accounts, then YES, you should be concerned.

If so, you should RUN IMMEDIATELY to change the login password on every single online account you own. And use a different, strong, hard-to-guess password for every account.
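The reuse chain described above, as an added example that is not part of the original post: a short Python audit over a constructed account inventory that flags every account still using a password exposed in a breach, including accounts on sites that were never breached themselves. The site names, passwords, dates and the `audit` helper are all made up for illustration.

```python
import hashlib
import hmac
import os
from datetime import date

# Constructed inventory: (site, current password, date it was last changed).
ACCOUNTS = [
    ("linkedin.example", "same-lame-constructed", date(2011, 3, 1)),
    ("twitter.example", "same-lame-constructed", date(2011, 6, 9)),
    ("pinterest.example", "same-lame-constructed", date(2012, 1, 15)),
    ("bank.example", "Vq9!unique-constructed", date(2015, 2, 2)),
    ("forum.example", "rotated-constructed", date(2014, 8, 20)),
]
# Constructed breach list: site -> date its credential database was stolen.
BREACHES = {"linkedin.example": date(2012, 6, 5),
            "forum.example": date(2013, 2, 1)}


def audit(accounts, breaches):
    """Return {site: (reason, leaking_site)} for accounts needing a new password."""
    key = os.urandom(32)  # throwaway key: compare fingerprints, not plaintext

    def fingerprint(password):
        return hmac.new(key, password.encode(), hashlib.sha256).digest()

    # Pass 1: a password is exposed if its site was breached and the
    # password has not been changed since the breach date.
    exposed = {}
    for site, password, changed in accounts:
        stolen = breaches.get(site)
        if stolen is not None and changed <= stolen:
            exposed.setdefault(fingerprint(password), site)

    # Pass 2: every account still using an exposed password is at risk,
    # even if its own site was never breached.
    report = {}
    for site, password, _ in accounts:
        source = exposed.get(fingerprint(password))
        if source is not None:
            reason = "breached" if source == site else "reused"
            report[site] = (reason, source)
    return report


if __name__ == "__main__":
    for site, (reason, source) in audit(ACCOUNTS, BREACHES).items():
        print(f"{site}: change password ({reason}, leaked via {source})")
```

The forum account is not flagged because its password was changed after that breach, while the two never-breached accounts are flagged purely because they share the leaked password.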

Okay, so maybe you’re grinning right now and feeling safely smug because you don’t use LinkedIn. Or maybe you’ve changed your LinkedIn password once or twice since 2012.  

Have you ever had an account on MySpace? A whopping 359+ million accounts were stolen in 2008. Those email addresses with passwords and usernames were found being offered for sale on the open market in May 2016. What about Adobe? In October 2013, 153 million accounts revealing email addresses, password hints, passwords and usernames were stolen and also put up for sale. Tumblr? Over 65 million accounts breached in early 2013. Snapchat? 6+ million accounts.

These are just the tip of the iceberg. The website HTTPS://HAVEIBEENPWNED.COM has been collecting data on “disclosed” website breaches only since November 2013, and it already has details on over 1,070,600,134 pwned accounts worldwide! This is from 112 of the largest website breaches they’ve uploaded so far.

About two years ago, a gang of Russian hackers hijacked more than 1 billion usernames and passwords. It’s estimated those hackers stole usernames and passwords from about 420,000 websites…

 

 

Definition of PWNED (from https://en.wikipedia.org/wiki/Pwn)

Pwned is pronounced as “owned” or as “poned”; both are correct. ‘Pwned’ is commonly used as a gloating expression; it means ‘to be dominated’, ‘to be controlled against your will’, or ‘to be defeated by a superior power’.

Example usage:
“If you have an online account on a website that was hacked, then you’ve been PWNED, dude!”

  

 

  

How to find out you’ve been pwned

 

 

HAVEIBEENPWNED.COM is the website you can go to in order to find out if any of your email addresses have ever been reported as part of a compromised (pwned) account.

According to site owner Troy Hunt, around 10,000 people visit haveibeenpwned every day, and over 350,000 people have subscribed to get an email notification if their information appears in a new breach.

Check your online accounts – Simply type in your email address and hit enter

Within seconds Haveibeenpwned will show you if your email address appears anywhere in their continuously updated database of pwned websites or “pastes”.

What the heck are “pastes”?  Often when online services are compromised, the first signs of it appear on “paste” sites like Pastebin. Attackers often publish either samples or complete dumps of compromised data on these websites where anyone can retrieve them anonymously.

If you do have a compromised account password, you’ll see a message that looks like this. It will include details of what website was hacked, when, and what details were compromised.

 

If you see one of these messages, you don’t necessarily need to panic, yet. But please change your passwords if you haven’t already.

While you’re at it, now might be a good time to pass this around to all your friends, family and colleagues. You might just save someone you know from some serious grief.

Have you been pwned?
