My name is Rhys, a first time dad blogging about my adventures and experiences of being a parent. [email protected]

How to find out if your password has been stolen

In today’s digital age, our email address acts as our key to many online digital services, whether you’re looking to stream something on Netflix, sign into a digital wallet such as Paypal or use it to access your personal information on Facebook. 

You may be guilty of this too, how often do you hear about a big brand hack and think nothing of it unless you receive an email from the provider? You often receive an email to say that your account ‘may’ have been compromised in a data breach, but they don’t tell you if you’ve definitely been affected. So, you may put off changing your details straight away and put it on the forever increasing to do list. Does this sound familiar?

Although I take my security seriously, in the past I have been guilty of putting off changing my details straight away unless I’m certain that it affects me.

However, whether you’ve been subjected to a cyber attack or your data leaked by a provider, it’s a good idea to take action now and see if your online accounts could be open to a hack.

There are a few services that can help you to see if your passwords or email addresses have been stolen. Here’s a list of the free services that I’ve been testing out…

ClearScore – www.clearscore.com

As well as offering a free credit score and report, ClearScore also offers dark web monitoring for your account email address. ClearScore says it will scan more than 41 billion online records to see if it can find your details on the web.

The free version allows you to monitor one email address, which scans the dark web every three months, or you can upgrade to realtime projection for £2.99 per month and monitor three email addresses. The paid for protection can also scan for stolen names, as well as your date of birth, postcodes, telephone numbers, and driving license and national insurance numbers.

ClearScore dark web monitoring

I’ve been using the free version and it’s pretty good. It will tell you if it has found your email address and/or passwords on the dark web. I was surprised to find out that a historic bit.ly account of mine was on the dark web.

Have I been pwned? (HIBP) HaveIbeenpwned.com

HIBP is another really useful service, which has been created by Microsoft Regional Director, Troy Hunt. It’s  also a free resource that allows people to quickly assess if your online accounts may be at risk due of being comprised or “pwned” in a data breach.

Have I been pwned?

All you need to do is input your email address and it will tell you of known data breaches that may affect your accounts.

When I scanned my personal email address, it identified Adobe’s breach in October 2013, when 153 million records were unlawfully accessed, including usernames, email addresses, encrypted passwords and password hints in plain text.  It also flagged a data breach from bit.ly in May 2014, which is confirmed by ClearScore and also a Disqus breach in October 2017. It also identified my details being ‘scrapped’ from Linkedin in 2018.

Breach information provided by Have I Been Pwned?

What was particularly useful about this site was the fact it gave you more information on the data breaches and when they occurred. They also list the largest and more recent breaches, which you can explore.

Avast Hack Check – www.avast.com/hackcheck

Avast, one of the world’s biggest providers of free antivirus software also provides a free ‘hack check’ that you can use. The service boasts that it has been able to detect more than 30 billion stolen passwords. I’m not sure if this is a good thing or worrying at the scale of the problem?

Avast Hack Check

The Avast Hack Check works in a similar way to the above services, you input your email address to reveal the results. This time, it said 5 of my passwords had been leaked and that it will send the details via email to my address.

Avast Hack Check – the results

Clicking on the details in the email, it reveals very similar information to both of the services above. However, when it details the bit.ly hack, it also shows me the account username, which the others did not. The additional leaks date back to June last year, but due to an on-going investigation it says, it cannot tell me the details of the source. Instead, it recommends I change all of my passwords relating to that email address, which I have done.

Overall, they are all really useful tools and the best bit is that they’re free. Although they all offer pretty much the same information, it’s worth cross-checking your results with another, just so you ensure you are fully covered.