Author

Topic: How to check whether your email address has been compromised? (Read 276 times)

full member
Activity: 1526
Merit: 110
Recently I started receiving a lot of spam and scam emails into one of my email address which I generally use for my freelance work.
Thanks for sharing this info with us. I have checked my email address now. My email address is not compromised. But i receive some airdrops email always and i don't participate that airdrop. Its boring to me.
hero member
Activity: 1974
Merit: 534
Recently I started receiving a lot of spam and scam emails into one of my email address which I generally use for my freelance work.

I wanted to know why there was a sudden bombing of such emails into my address wherein I only use it to login to specify website for my work and receive emails from my clients.

I knew something was not correct and I was determined to find out what was wrong? So, I took the help of Google and did some search using specific keywords and found two websites.

If you are also facing the same problem like me then you can use these two websites to find out whether your email address has been compromised

First website:

Have i been pwned?


Thank you for this website, I didn't know know this one before.

Actually I have the same problem as you. In the last 3 month I noticed a lot of new spam emails which I didn't get before. When checking your website I noticed I got breached. Had to quickly change my password and security question, also changed my anti virus program just in case. It's sad that the email provider can't offer better protection from scam in 2020.
full member
Activity: 868
Merit: 151
Thanks for sharing this useful article as it will help many other who may be facing the similar issue or had faced it. I knew 1 of the websites when I was also facing the same problem some time ago. This just helps us to know and get a fair idea. Blocking is a better option unless if the email address is not that important and do not receive any important mails or not being shared to anybody else. Because otherwise you would want to use this old mail address as anybody can mail you if it has being given to others as well.
legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
...
Each email address which is entered has a high chance of still being used, and so those are the ones they focus on. By using a site like this, you could inadvertently be making yourself a target.
...

This is exactly the first thing that popped into my mind when I knew about the existence of HIBP (a year ago):
...
You may think I am being delusional but here is what I think:
They have a database containing more than 8.500.000.000 email addresses and hashed passwords. Obviously they can't heck them all knowing that most of them are throwaway emails.
By entering your email address there, you are telling them that you care about it and Hence there are high chances that it contains some valuable information.
Also, they provide a service to check if your password was leaked! If you enter your password then they can generate its hash and compare it with other hashes on their database.

I like the way you think : )
member
Activity: 898
Merit: 19
Do it For Better Humanity (Bitget trader)
This post will really help a lot of people whose email have been compromised. I check my 1st email and I see it has been pawned.. Seems nothing can be don to that apart from filtering unwanted emails.
hero member
Activity: 3024
Merit: 680
★Bitvest.io★ Play Plinko or Invest!
IIRC, there's an interview from the owner of this website and they've said and guaranteed that they're not keeping records from the inputs and searches of email addresses of their visitors.

I was worried too that even if my email wasn't breached, they'll classify it as a breached email upon inputting it to them but it tends that I'm wrong with that assumption.
copper member
Activity: 2324
Merit: 2142
Slots Enthusiast & Expert
I knew this site a long time ago, afaik it's not the email that has been compromised, but the service you register with the email address. Perhaps I translated OP wrong though. In other words, users' email may or may not been breached/hacked (depend whether they use the same password every time or not, which is BAD). Anyway, the site is pretty accurate, not sure about logging things.

I am not sure but the best they can do when someone has your e-mail is try to guess your password through brute-force attack I assume. And as long as your password is strong it would be not easy to find it. Plus if you have 2fa enabled then that would be another layer of security that they'd have to bypass to get through. I remember watching Mr.Robot and Elliot had to install malware into someone's computer to gain access to their e-mail because they had 2fa enabled.
As long as 2FA and strong password are there, it should be sufficient. But the thing is the spam that keeps coming is pretty annoying. That said, we don't have to use such services. If suddenly we get spam emails, then our email is known.
member
Activity: 72
Merit: 36
I have used these two websites in the past and they have been providing this service for quite sometimes now. They are not storing your email address when you enter it to check for breach.

The best thing to do incase if your email has been compromised by some platform is to contact the platform directly and question them. I did it in my case and found out that the information they are providing is correct.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
There’s a similar thread that also somewhat discusses whether the site can be trusted, or if will somehow lead at some point to a breach of emails that are seemingly active:  UPDATED! [Guide] How to know if your email address was part of any data breach.

One has to be wary of providing his email here and there, and you probably will try this site out reactively rather than proactively (meaning when you start to receive spam). I’ve had no issue trying it out with old accounts on which I received ample spam, but do refrain from using my current operative ones just in case.

Note: The we don’t store your password -> see log information -> we may store typed-in information and IPs, does not clear things out exactly to the extent one would hope for.
full member
Activity: 686
Merit: 125
I just give merit to OP for the effort he made in the sense of helping for the bitcointalk community. The intention is clear that OP wanted to become helpful. Whether the post is confirmed legit or not I did reward it with merit. It is somehow like motivation for users to continue on being helpful though I am too short with it. I do not like to hoard merits too at the moment and spending it would help to circulate in the forum.

Anyway,  in my own opinion I do not think that my email ad was breach(my assumption) and I am using 2FA too that would be needing to acces the email. If they had the tool to access email bypassing 2FA then thats it I could do nothing they are genius that can break it through while I am just a user using the service of the email for free.

However, I do not rely on emails. The only thing that had been using with my email is when someone ask for it as a last resort for a certain transaction to go through. Literally I am not active in using emails at the moment.
legendary
Activity: 2268
Merit: 18748
Either way, they can't really do much with just your email anyway, which is all they require, and you can always hide your IP using tor, VPNs, etc..
haveibeenpwned.com says they have over 10 billion compromised accounts. Given that they have access to all these data breaches, then malicious third parties also have access to all these data breaches. No attacker is going to be able to try 10 billion different accounts multiple times each across different websites and services to see which ones are still active and being used. So they start a fake "check if your account has been breached" website where people enter their email addresses. Each email address which is entered has a high chance of still being used, and so those are the ones they focus on. By using a site like this, you could inadvertently be making yourself a target.

Having said that, haveibeenpwned.com has a pretty solid reputation as explained by cryptomaniac above. I wouldn't worry too much about using it, but I certainly wouldn't use any other website along the same lines.
hero member
Activity: 1834
Merit: 759
No. You don't get my idea. I meant if you don't enter your email address on that site, they likely don't have your email address in their database. Maybe they have it on database or maybe not before the time you enter and search. It is only assumption and the prevention is protect the privacy of your important email address.

When you search for an email address

Searching for an email address only ever retrieves the address from storage then returns it in the response, the searched address is never explicitly stored anywhere. See the Logging section below for situations in which it may be implicitly stored.

They don't necessarily save your email, but they do keep logs.

Anyway, I have personally used it and had some old emails show up along with specific leaks; I can anecdotally say it's legit. It's a popular and reputable service and I would say it's reasonably safe to trust. Either way, they can't really do much with just your email anyway, which is all they require, and you can always hide your IP using tor, VPNs, etc..
hero member
Activity: 1344
Merit: 540
As far as I know, you just have to enter your email address and check their databases if your email has been breached or not. And then they have this services that will let you notify when your email has been breached.
No. You don't get my idea. I meant if you don't enter your email address on that site, they likely don't have your email address in their database. Maybe they have it on database or maybe not before the time you enter and search. It is only assumption and the prevention is protect the privacy of your important email address.

As same as when you use your bitcoin address, when you lost its anonymity, you can not get it back.
They don't record your email address. So when you used their service, they will respond if that email is on their databases of breach email addresses or not. If it is, then you have to either change your password right away, or create a new one.
hero member
Activity: 2702
Merit: 672
I don't request loans~
Well! If you are talking about net safety of these websites then you can check their terms and conditions and their privacy policy. I am confident that they are not the ones who compromise your email address as their business model is based on finding who breached?

Plus why will they jeopardize their reputation?
Yes, their terms and conditions and what not ensure that the email address you input is safe, but what if they were hacked? What if they stored a list of the email addresses that were inputted there and a breach of security was done? Your email would basically be good as discovered. Credible or not, anything that's been used in the internet can't be removed no matter what, and once someone finds that little trace, you're as good as found. That's what probably @tranthidung is saying.

This is why you should really have multiple email accounts possible, depending on whatever usage you have for each one of them. It is simply an assumption ofc, nothing is for sure, but it's better to be safe than sorry no?
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
As far as I know, you just have to enter your email address and check their databases if your email has been breached or not. And then they have this services that will let you notify when your email has been breached.
No. You don't get my idea. I meant if you don't enter your email address on that site, they likely don't have your email address in their database. Maybe they have it on database or maybe not before the time you enter and search. It is only assumption and the prevention is protect the privacy of your important email address.

As same as when you use your bitcoin address, when you lost its anonymity, you can not get it back.
hero member
Activity: 1344
Merit: 540
First website:

Have i been pwned?
Are you safe if you enter your email address and check on that site?

I guess you will be not. It is a trap. Instead showing your email address publicly, on the forum and anywhere else, you enter it and check on that site. Are you sure that they won't keep your email address on their database and will see it to other companies?


Please make sure that:
  • Don't publicly show your email address.
  • For important accounts, allocate specific emails for those accounts and don't use them for other purposes on other platforms.
  • Don't self-breach your email address by arbitrarily enter your email addresses and check on any site (like what you supposed)

As far as I know, you just have to enter your email address and check their databases if your email has been breached or not. And then they have this services that will let you notify when your email has been breached.



Troy Hunt, the man behind this project:

Quote
I'm Troy Hunt, a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security, blogger at troyhunt.com, international speaker on web security and the author of many top-rating security courses for web developers on Pluralsight.

https://haveibeenpwned.com/About

So pretty much he has outstanding credibility specially in the field of security.

Actually you can download the lists of passwords: https://haveibeenpwned.com/Passwords. But it is still protected by SHA-1 and NTLM hash.

Alternatively, there are a lot of independent developers who improved and evolved IHBP. From, Android apps/iOS apps/Windows Phone apps/PHP libraries & sites/Python scripts and many more: https://haveibeenpwned.com/API/Consumers.

And if by any chance someone once to donate to the project, they are accepting BTC as donation: https://haveibeenpwned.com/Donate


Of course, the best practice is not to reuse passwords or get a password manager, but that is for another discussions.
hero member
Activity: 2156
Merit: 803
Top Crypto Casino
First website:

Have i been pwned?
Are you safe if you enter your email address and check on that site?

I guess you will be not. It is a trap. Instead showing your email address publicly, on the forum and anywhere else, you enter it and check on that site. Are you sure that they won't keep your email address on their database and will see it to other companies?


Please make sure that:
  • Don't publicly show your email address.
  • For important accounts, allocate specific emails for those accounts and don't use them for other purposes on other platforms.
  • Don't self-breach your email address by arbitrarily enter your email addresses and check on any site (like what you supposed)

Well! If you are talking about net safety of these websites then you can check their terms and conditions and their privacy policy. I am confident that they are not the ones who compromise your email address as their business model is based on finding who breached?

Plus why will they jeopardize their reputation?
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
First website:

Have i been pwned?
Are you safe if you enter your email address and check on that site?

I guess you will be not. It is a trap. Instead showing your email address publicly, on the forum and anywhere else, you enter it and check on that site. Are you sure that they won't keep your email address on their database and will see it to other companies?


Please make sure that:
  • Don't publicly show your email address.
  • For important accounts, allocate specific emails for those accounts and don't use them for other purposes on other platforms.
  • Don't self-breach your email address by arbitrarily enter your email addresses and check on any site (like what you supposed)
hero member
Activity: 2156
Merit: 803
Top Crypto Casino
Recently I started receiving a lot of spam and scam emails into one of my email address which I generally use for my freelance work.

I wanted to know why there was a sudden bombing of such emails into my address wherein I only use it to login to specify website for my work and receive emails from my clients.

I knew something was not correct and I was determined to find out what was wrong? So, I took the help of Google and did some search using specific keywords and found two websites.

If you are also facing the same problem like me then you can use these two websites to find out whether your email address has been compromised

First website:

Have i been pwned?



I entered my email address and found out that data breach occurred from these platforms.



To make sure that the information provided by the first website was correct. I did a double-check by visiting the second website.

Second website:

What is my IP address?



When I entered my email address and checked for breach I found out a similar result.



Although these websites can help you to determine to a certain extent what may have gone wrong with your email address there no conclusive evidence that the spam mails that you are receiving are because of the breach.

It is advised not to open and report mails as spams if you are not aware about the senders.

What to do if your email is compromised?

If your are using a mail service provider like gmail you can increase the spam filteration by clicking on the gearicon>>settings>>Filter and Block Address.

Change your password.

Or

Create a new email address.

P.S - This topic is for educational purpose and I am not promoting these platforms.
Jump to: