Topic: How to check whether your email address has been compromised? (Read 261 times)

full member
Activity: 1372
Merit: 110
Recently I started receiving a lot of spam and scam emails into one of my email addresses which I generally use for my freelance work.
Thanks for sharing this info with us. I have checked my email address now. My email address is not compromised. But I always receive some airdrop emails and I don't participate in those airdrops. It's boring to me.
hero member
Activity: 1694
Merit: 516
Recently I started receiving a lot of spam and scam emails into one of my email addresses which I generally use for my freelance work.

I wanted to know why there was a sudden bombing of such emails into my address, as I only use it to log in to a specific website for my work and receive emails from my clients.

I knew something was not correct and I was determined to find out what was wrong. So, I took the help of Google and did some search using specific keywords and found two websites.

If you are also facing the same problem as me then you can use these two websites to find out whether your email address has been compromised.

First website:

Have i been pwned?


Thank you for this website, I didn't know this one before.

Actually I have the same problem as you. In the last 3 months I noticed a lot of new spam emails which I didn't get before. When checking your website I noticed I got breached. Had to quickly change my password and security question, also changed my antivirus program just in case. It's sad that the email provider can't offer better protection from scam in 2020.
full member
Activity: 868
Merit: 151
Thanks for sharing this useful article as it will help many others who may be facing a similar issue or had faced it. I knew 1 of the websites when I was also facing the same problem some time ago. This just helps us to know and get a fair idea. Blocking is a better option unless the email address is not that important and does not receive any important mails or is not being shared with anybody else. Because otherwise you would want to use this old mail address as anybody can mail you if it has been given to others as well.
legendary
Activity: 2520
Merit: 2853
...
Each email address which is entered has a high chance of still being used, and so those are the ones they focus on. By using a site like this, you could inadvertently be making yourself a target.
...

This is exactly the first thing that popped into my mind when I knew about the existence of HIBP (a year ago):
...
You may think I am being delusional but here is what I think:
They have a database containing more than 8.500.000.000 email addresses and hashed passwords. Obviously they can't check them all knowing that most of them are throwaway emails.
By entering your email address there, you are telling them that you care about it and hence there are high chances that it contains some valuable information.
Also, they provide a service to check if your password was leaked! If you enter your password then they can generate its hash and compare it with other hashes on their database.

I like the way you think : )
member
Activity: 699
Merit: 18
Do it For Better Humanity
This post will really help a lot of people whose emails have been compromised. I check my 1st email and I see it has been pawned. Seems nothing can be done about that apart from filtering unwanted emails.
hero member
Activity: 2982
Merit: 678
IIRC, there's an interview from the owner of this website and they've said and guaranteed that they're not keeping records from the inputs and searches of email addresses of their visitors.

I was worried too that even if my email wasn't breached, they'll classify it as a breached email upon inputting it to them but it tends that I'm wrong with that assumption.
copper member
Activity: 2324
Merit: 2142
Slots Enthusiast & Expert
I knew this site a long time ago, afaik it's not the email that has been compromised, but the service you register with the email address. Perhaps I translated OP wrong though. In other words, users' email may or may not have been breached/hacked (depending on whether they use the same password every time or not, which is BAD). Anyway, the site is pretty accurate, not sure about logging things.

I am not sure but the best they can do when someone has your e-mail is try to guess your password through brute-force attack I assume. And as long as your password is strong it would be not easy to find it. Plus if you have 2fa enabled then that would be another layer of security that they'd have to bypass to get through. I remember watching Mr.Robot and Elliot had to install malware into someone's computer to gain access to their e-mail because they had 2fa enabled.
As long as 2FA and strong password are there, it should be sufficient. But the thing is the spam that keeps coming is pretty annoying. That said, we don't have to use such services. If suddenly we get spam emails, then our email is known.
member
Activity: 72
Merit: 36
I have used these two websites in the past and they have been providing this service for quite some time now. They are not storing your email address when you enter it to check for breach.

The best thing to do in case your email has been compromised by some platform is to contact the platform directly and question them. I did it in my case and found out that the information they are providing is correct.
legendary
Activity: 2310
Merit: 10758
There are lies, damned lies and statistics. MTwain
There’s a similar thread that also somewhat discusses whether the site can be trusted, or if it will somehow lead at some point to a breach of emails that are seemingly active: UPDATED! [Guide] How to know if your email address was part of any data breach.

One has to be wary of providing his email here and there, and you probably will try this site out reactively rather than proactively (meaning when you start to receive spam). I’ve had no issue trying it out with old accounts on which I received ample spam, but do refrain from using my current operative ones just in case.

Note: The we don’t store your password -> see log information -> we may store typed-in information and IPs, does not clear things out exactly to the extent one would hope for.
full member
Activity: 686
Merit: 125
I just give merit to OP for the effort he made in the sense of helping for the bitcointalk community. The intention is clear that OP wanted to become helpful. Whether the post is confirmed legit or not I did reward it with merit. It is somehow like motivation for users to continue on being helpful though I am too short with it. I do not like to hoard merits too at the moment and spending it would help to circulate in the forum.

Anyway, in my own opinion I do not think that my email address was breached (my assumption) and I am using 2FA too that would be needed to access the email. If they had the tool to access email bypassing 2FA then that's it, I could do nothing, they are geniuses that can break it through while I am just a user using the service of the email for free.

However, I do not rely on emails. The only thing that had been using with my email is when someone ask for it as a last resort for a certain transaction to go through. Literally I am not active in using emails at the moment.
legendary
Activity: 2268
Merit: 18509
Either way, they can't really do much with just your email anyway, which is all they require, and you can always hide your IP using tor, VPNs, etc.
haveibeenpwned.com says they have over 10 billion compromised accounts. Given that they have access to all these data breaches, then malicious third parties also have access to all these data breaches. No attacker is going to be able to try 10 billion different accounts multiple times each across different websites and services to see which ones are still active and being used. So they start a fake "check if your account has been breached" website where people enter their email addresses. Each email address which is entered has a high chance of still being used, and so those are the ones they focus on. By using a site like this, you could inadvertently be making yourself a target.

Having said that, haveibeenpwned.com has a pretty solid reputation as explained by cryptomaniac above. I wouldn't worry too much about using it, but I certainly wouldn't use any other website along the same lines.
hero member
Activity: 1834
Merit: 759
No. You don't get my idea. I meant if you don't enter your email address on that site, they likely don't have your email address in their database. Maybe they have it in their database or maybe not before the time you enter and search. It is only an assumption and the prevention is to protect the privacy of your important email address.

When you search for an email address

Searching for an email address only ever retrieves the address from storage then returns it in the response, the searched address is never explicitly stored anywhere. See the Logging section below for situations in which it may be implicitly stored.

They don't necessarily save your email, but they do keep logs.

Anyway, I have personally used it and had some old emails show up along with specific leaks; I can anecdotally say it's legit. It's a popular and reputable service and I would say it's reasonably safe to trust. Either way, they can't really do much with just your email anyway, which is all they require, and you can always hide your IP using tor, VPNs, etc.
hero member
Activity: 1344
Merit: 540
As far as I know, you just have to enter your email address and check their databases if your email has been breached or not. And then they have this services that will let you notify when your email has been breached.
No. You don't get my idea. I meant if you don't enter your email address on that site, they likely don't have your email address in their database. Maybe they have it in their database or maybe not before the time you enter and search. It is only an assumption and the prevention is to protect the privacy of your important email address.

As same as when you use your bitcoin address, when you lost its anonymity, you can not get it back.
They don't record your email address. So when you used their service, they will respond if that email is on their databases of breach email addresses or not. If it is, then you have to either change your password right away, or create a new one.
hero member
Activity: 2506
Merit: 628
I don't take loans, ask for sig if I ever do.
Well! If you are talking about net safety of these websites then you can check their terms and conditions and their privacy policy. I am confident that they are not the ones who compromise your email address as their business model is based on finding who breached?

Plus why will they jeopardize their reputation?
Yes, their terms and conditions and what not ensure that the email address you input is safe, but what if they were hacked? What if they stored a list of the email addresses that were inputted there and a breach of security was done? Your email would basically be good as discovered. Credible or not, anything that's been used in the internet can't be removed no matter what, and once someone finds that little trace, you're as good as found. That's what probably @tranthidung is saying.

This is why you should really have multiple email accounts possible, depending on whatever usage you have for each one of them. It is simply an assumption ofc, nothing is for sure, but it's better to be safe than sorry no?
legendary
Activity: 2170
Merit: 3858
Farewell o_e_l_e_o
As far as I know, you just have to enter your email address and check their databases if your email has been breached or not. And then they have this services that will let you notify when your email has been breached.
No. You don't get my idea. I meant if you don't enter your email address on that site, they likely don't have your email address in their database. Maybe they have it in their database or maybe not before the time you enter and search. It is only an assumption and the prevention is to protect the privacy of your important email address.

As same as when you use your bitcoin address, when you lost its anonymity, you can not get it back.
hero member
Activity: 1344
Merit: 540
First website:

Have i been pwned?
Are you safe if you enter your email address and check on that site?

I guess you will be not. It is a trap. Instead of showing your email address publicly, on the forum and anywhere else, you enter it and check on that site. Are you sure that they won't keep your email address in their database and will sell it to other companies?


Please make sure that:
  • Don't publicly show your email address.
  • For important accounts, allocate specific emails for those accounts and don't use them for other purposes on other platforms.
  • Don't self-breach your email address by arbitrarily entering your email addresses and checking on any site (like what you supposed)

As far as I know, you just have to enter your email address and check their databases if your email has been breached or not. And then they have this services that will let you notify when your email has been breached.



Troy Hunt, the man behind this project:

Quote
I'm Troy Hunt, a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security, blogger at troyhunt.com, international speaker on web security and the author of many top-rating security courses for web developers on Pluralsight.

https://haveibeenpwned.com/About

So pretty much he has outstanding credibility, especially in the field of security.

Actually you can download the lists of passwords: https://haveibeenpwned.com/Passwords. But it is still protected by SHA-1 and NTLM hash.

Alternatively, there are a lot of independent developers who improved and evolved HIBP. From Android apps/iOS apps/Windows Phone apps/PHP libraries & sites/Python scripts and many more: https://haveibeenpwned.com/API/Consumers.

And if by any chance someone wants to donate to the project, they are accepting BTC as donation: https://haveibeenpwned.com/Donate


Of course, the best practice is not to reuse passwords or get a password manager, but that is for another discussion.
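
An added example, not part of the post above or of the HIBP project: checking a password against a downloaded SHA-1 list entirely offline, so the password is never typed into any website. It assumes the downloaded file is hash-ordered text with one `HASH:COUNT` line per entry; the function names and the sample data are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha1_hex(password: str) -> bytes:
    """Uppercase hex SHA-1 of the UTF-8 password, as bytes for comparison."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper().encode()


def pwned_count(list_path: str, password: str) -> int:
    """Binary-search a hash-ordered 'HASH:COUNT' file; 0 means not listed."""
    target = sha1_hex(password)
    with open(list_path, "rb") as f:
        lo, hi = 0, os.path.getsize(list_path)
        while lo < hi:
            mid = (lo + hi) // 2
            if mid:
                f.seek(mid - 1)
                f.readline()  # move to the first line that starts at >= mid
            else:
                f.seek(0)
            line = f.readline()
            digest = line[:40]  # a SHA-1 digest is 40 hex characters
            if not line or digest > target:
                hi = mid
            elif digest < target:
                lo = mid + 1
            else:
                return int(line.split(b":", 1)[1].strip())
    return 0


def write_sample_list(path: str, entries: dict) -> None:
    """Write constructed data in the assumed format, ordered by hash."""
    rows = sorted((sha1_hex(pw), n) for pw, n in entries.items())
    with open(path, "wb") as f:
        for digest, n in rows:
            f.write(digest + b":" + str(n).encode() + b"\r\n")


if __name__ == "__main__":
    # Constructed sample: the counts are made up, not real breach figures.
    sample = {"password": 5, "123456": 7, "letmein": 3, "qwerty": 2}
    path = os.path.join(tempfile.mkdtemp(), "sample-sha1-ordered.txt")
    write_sample_list(path, sample)
    for candidate in ("letmein", "correct horse battery staple"):
        print(candidate, "->", pwned_count(path, candidate))
```

Because the file is ordered by hash, the lookup reads only a few dozen lines even for a list with billions of entries.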
hero member
Activity: 2100
Merit: 771
First website:

Have i been pwned?
Are you safe if you enter your email address and check on that site?

I guess you will be not. It is a trap. Instead of showing your email address publicly, on the forum and anywhere else, you enter it and check on that site. Are you sure that they won't keep your email address in their database and will sell it to other companies?


Please make sure that:
  • Don't publicly show your email address.
  • For important accounts, allocate specific emails for those accounts and don't use them for other purposes on other platforms.
  • Don't self-breach your email address by arbitrarily entering your email addresses and checking on any site (like what you supposed)

Well! If you are talking about net safety of these websites then you can check their terms and conditions and their privacy policy. I am confident that they are not the ones who compromise your email address as their business model is based on finding who breached?

Plus why will they jeopardize their reputation?
legendary
Activity: 2170
Merit: 3858
Farewell o_e_l_e_o
First website:

Have i been pwned?
Are you safe if you enter your email address and check on that site?

I guess you will be not. It is a trap. Instead of showing your email address publicly, on the forum and anywhere else, you enter it and check on that site. Are you sure that they won't keep your email address in their database and will sell it to other companies?


Please make sure that:
  • Don't publicly show your email address.
  • For important accounts, allocate specific emails for those accounts and don't use them for other purposes on other platforms.
  • Don't self-breach your email address by arbitrarily entering your email addresses and checking on any site (like what you supposed)
hero member
Activity: 2100
Merit: 771
Recently I started receiving a lot of spam and scam emails into one of my email addresses which I generally use for my freelance work.

I wanted to know why there was a sudden bombing of such emails into my address, as I only use it to log in to a specific website for my work and receive emails from my clients.

I knew something was not correct and I was determined to find out what was wrong. So, I took the help of Google and did some search using specific keywords and found two websites.

If you are also facing the same problem as me then you can use these two websites to find out whether your email address has been compromised.

First website:

Have i been pwned?



I entered my email address and found out that data breach occurred from these platforms.



To make sure that the information provided by the first website was correct. I did a double-check by visiting the second website.

Second website:

What is my IP address?



When I entered my email address and checked for breach I found out a similar result.



Although these websites can help you to determine to a certain extent what may have gone wrong with your email address, there is no conclusive evidence that the spam mails that you are receiving are because of the breach.

It is advised not to open and report mails as spams if you are not aware about the senders.

What to do if your email is compromised?

If you are using a mail service provider like Gmail you can increase the spam filtration by clicking on the gear icon >> settings >> Filter and Block Address.

Change your password.

Or

Create a new email address.

P.S - This topic is for educational purpose and I am not promoting these platforms.