You may have seen the website https://haveibeenpwned.com/ circulated on Facebook but did you go and check if you might have an email account that has been compromised in a data breach?
Well one Dorrigo business owner did. This is their experience – it does happen and could happen to you, potentially causing a huge loss of time and resources for your business.
“I first became alerted to an issue when I recently received two threatening (blackmailing) emails including two separate, simple, passwords that I probably used many years ago on some irrelevant website, probably an online forum/subscriber website I accessed only once.
I sent a copy of the threatening email to my ISP and they then supplied the https://haveibeenpwned.com/ . They also tracked the threatening email to Denmark.
I managed to get a search done on all emails in our business domain. A number of breaches appeared for legitimate email addresses, such as mine, as well as some other ‘illegally’ generated email addresses using our buisness domain.
So, I’ve been educated! I’m no longer concerned as we’ve had a far more secure method of handling passwords for a number of years; all different and all ‘complex’, but the recent threat did concern me as it did involve some old passwords and did consume a number of hours of my time.”
The website has been set up by Troy Hunt, an Australian Microsoft Regional Director and security expert, as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or “pwned” in a data breach. It is increasingly being used by government and big business around the world, including police. By aggregating the data, the service not only helps victims learn of compromises of their accounts, but also highlights the severity of the risks of online attacks on today’s internet.