Data breach
Comments
-
> Marvel1 said:
> Also advises what has been leaked - including passwords.
> > dumpster_fire2025 said:
> > https://haveibeenpwned.com/ should tell you if your email address has been exposed (or more likely when) and in which hack.

So, we're talking here about security breaches, i.e. emails and passwords being taken, and this site actually asks you to type in your email and passwords to apparently check them?
Surely the first lesson you'd learn in cybersecurity is not to be telling anonymous websites your passwords and email address?
It may be completely legit, I don't know, but the more different places you tell your passwords to, surely the more chance you have of them being taken?
0
-
It doesn't ask for passwords. It asks for your email address, then it checks it against known data leaks. If it matches any it will highlight what was leaked, username, personal data, passwords etc.

> Vectis said:
> > Marvel1 said:
> > Also advises what has been leaked - including passwords.
> > > dumpster_fire2025 said:
> > > https://haveibeenpwned.com/ should tell you if your email address has been exposed (or more likely when) and in which hack.
> So, we're talking here about security breaches, i.e. emails and passwords being taken, and this site actually asks you to type in your email and passwords to apparently check them?
> Surely the first lesson you'd learn in cybersecurity is not to be telling anonymous websites your passwords and email address?
> It may be completely legit, I don't know, but the more different places you tell your passwords to, surely the more chance you have of them being taken?
2
-
You make a good point. I think "haveibeenpwned" is a useful resource to check if your email address has been exposed, although any active email address that's been in use for a few years is likely to be on there, some of those breaches contain millions of addresses.

> Vectis said:
> > Marvel1 said:
> > Also advises what has been leaked - including passwords.
> > > dumpster_fire2025 said:
> > > https://haveibeenpwned.com/ should tell you if your email address has been exposed (or more likely when) and in which hack.
> So, we're talking here about security breaches, i.e. emails and passwords being taken, and this site actually asks you to type in your email and passwords to apparently check them?
> Surely the first lesson you'd learn in cybersecurity is not to be telling anonymous websites your passwords and email address?
> It may be completely legit, I don't know, but the more different places you tell your passwords to, surely the more chance you have of them being taken?

Passwords, however, I think should be personal. If you are daft enough to use a short, uncomplicated password in more than one place then it might be a useful kick up the backside to change it if you do the check.
haveibeenpwned is a long-established (in internet terms) and well respected site, if they started leaking passwords then I suspect it would be noticed very quickly.
Far more secure is using unique, random, 20+ character passwords, different for every site that needs them (using a password manager is the only realistic way of managing this for more than a few sites). I won't be bothering to check haveibeenpwned for those. They also get changed reasonably regularly.
Even better is to get rid of passwords altogether, although there are only a few sites that will actually allow you to do this despite all the hype around passkeys etc - out of the ~1k sites that I hold login credentials for I've only removed all passwords for 2.
0
-
> flaneurs_lobster said:
> > Vectis said:
> > > Marvel1 said:
> > > Also advises what has been leaked - including passwords.
> > > > dumpster_fire2025 said:
> > > > https://haveibeenpwned.com/ should tell you if your email address has been exposed (or more likely when) and in which hack.
> > So, we're talking here about security breaches, i.e. emails and passwords being taken, and this site actually asks you to type in your email and passwords to apparently check them?
> > Surely the first lesson you'd learn in cybersecurity is not to be telling anonymous websites your passwords and email address?
> > It may be completely legit, I don't know, but the more different places you tell your passwords to, surely the more chance you have of them being taken?
> haveibeenpwned is a long-established (in internet terms) and well respected site, if they started leaking passwords then I suspect it would be noticed very quickly.

Despite worries posted above, they do not request your passwords. Any passwords in their possession are part of the data breaches that have occurred (and it would be nice to think they redacted them from their OWN storage of that data, in case _they_ got hacked).
You provide an email address, or if you want, you can monitor * @ yourdomain.com to look for ANY breaches if you use multiple addresses (you will need to do a proof-of-ownership for the domain).
0
-
No, obviously not. What would give you that idea?

> Vectis said:
> > Marvel1 said:
> > Also advises what has been leaked - including passwords.
> > > dumpster_fire2025 said:
> > > https://haveibeenpwned.com/ should tell you if your email address has been exposed (or more likely when) and in which hack.
> So, we're talking here about security breaches, i.e. emails and passwords being taken, and this site actually asks you to type in your email and passwords to apparently check them?
1
-
haveibeenpwned.com? Yes, this is exactly what it asks you to do. For password lookups there is cryptographic hashing in place so that the password entered is never actually revealed in plain text on the site.

> Ergates said:
> No, obviously not. What would give you that idea?
> > Vectis said:
> > > Marvel1 said:
> > > Also advises what has been leaked - including passwords.
> > > > dumpster_fire2025 said:
> > > > https://haveibeenpwned.com/ should tell you if your email address has been exposed (or more likely when) and in which hack.
> > So, we're talking here about security breaches, i.e. emails and passwords being taken, and this site actually asks you to type in your email and passwords to apparently check them?

FWIW, HIBP has been in existence since 2013.
Sorry if that response was ironic.
0
-
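The hashed password lookup mentioned in the post above, as an added example that is not part of the thread and is not HIBP's own code. It goes a step further than the post states: the Pwned Passwords range API receives only the first five hex characters of the password's SHA-1 hash and the match is done locally. `FakeRangeService` and the sample passwords and counts are constructed so the example runs offline.

```python
from __future__ import annotations
import hashlib
import hmac

# Real Pwned Passwords range endpoint, shown for reference only; never called here.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"

def split_hash(password: str) -> tuple[str, str]:
    """SHA-1 the password locally; only the 5-char prefix ever leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_body(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines, skipping anything malformed."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password: str, fetch_range) -> int:
    """Times the password appears in the corpus; the match is done client-side."""
    prefix, suffix = split_hash(password)
    for candidate, count in parse_range_body(fetch_range(prefix)).items():
        if hmac.compare_digest(candidate, suffix):
            return count  # padding entries carry a count of 0
    return 0

class FakeRangeService:
    """Constructed stand-in for the server that records what it is sent."""
    def __init__(self, breached: dict[str, int]):
        self.seen: list[str] = []
        self._hashes = {hashlib.sha1(p.encode()).hexdigest().upper(): n
                        for p, n in breached.items()}

    def __call__(self, prefix: str) -> str:
        self.seen.append(prefix)
        lines = [f"{h[5:]}:{n}" for h, n in self._hashes.items() if h.startswith(prefix)]
        lines.append("0" * 35 + ":0")  # constructed padding entry
        return "\r\n".join(lines)

if __name__ == "__main__":
    service = FakeRangeService({"password": 1000, "letmein": 50})  # constructed counts
    print(breach_count("password", service), breach_count("correct horse 7!", service))
    print("server saw only:", service.seen)
```

The service object's `seen` list holds everything the server side received: five hex characters per lookup, shared by many unrelated hashes, and no email address.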
It doesn't ask for email AND password though. It searches email OR password. Critical difference (as there is no association between the two).

> flaneurs_lobster said:
> haveibeenpwned.com? Yes, this is exactly what it asks you to do. For password lookups there is cryptographic hashing in place so that the password entered is never actually revealed in plain text on the site.
> > Ergates said:
> > No, obviously not. What would give you that idea?
> > > Vectis said:
> > > > Marvel1 said:
> > > > Also advises what has been leaked - including passwords.
> > > > > dumpster_fire2025 said:
> > > > > https://haveibeenpwned.com/ should tell you if your email address has been exposed (or more likely when) and in which hack.
> > > So, we're talking here about security breaches, i.e. emails and passwords being taken, and this site actually asks you to type in your email and passwords to apparently check them?
> FWIW, HIBP has been in existence since 2013.
> Sorry if that response was ironic.
2
-
Ah, understand. Yes, that's a crucial point that I didn't make clear.

> Ergates said:
> It doesn't ask for email AND password though. It searches email OR password. Critical difference (as there is no association between the two).
> > flaneurs_lobster said:
> > haveibeenpwned.com? Yes, this is exactly what it asks you to do. For password lookups there is cryptographic hashing in place so that the password entered is never actually revealed in plain text on the site.
> > > Ergates said:
> > > No, obviously not. What would give you that idea?
> > > > Vectis said:
> > > > > Marvel1 said:
> > > > > Also advises what has been leaked - including passwords.
> > > > > > dumpster_fire2025 said:
> > > > > > https://haveibeenpwned.com/ should tell you if your email address has been exposed (or more likely when) and in which hack.
> > > > So, we're talking here about security breaches, i.e. emails and passwords being taken, and this site actually asks you to type in your email and passwords to apparently check them?
> > FWIW, HIBP has been in existence since 2013.
> > Sorry if that response was ironic.
1
-
I personally am not claiming for anything.
Just wanted to say the no claim join a class action companies are advertising.
0
-
Ambulance chasers are always looking for a new flashing blue light to follow.

> donnac2558 said:
> I personally am not claiming for anything.
> Just wanted to say the no claim join a class action companies are advertising.

And people will always sign up to things if they think there might be free money.
2
