Want to know if your email address was compromised in one of the big data breaches?

Topic

New Reply

A new website will let you know for sure, if you wondered whether your data was compromised in one of the data breaches that affected Adobe, Sony or Gawker (and a couple others).

You can find out here: http://haveibeenpwned.com/

Reply | Quote

Replies

Just checked mine and:
Oh no — pwned on 1 site!– Adobe– In October 2013
I have changed my password on Adobe, but apparently they got my email address.
Recently, I noticed strange emails that appear enticing to look into. Fortunately, I have been ignoring them.
I strongly suggest other members check theirs.
Sincere thanks.
Michael

Reply | Quote

You’re welcome, Michael.

Seems I had two email addresses on Adobe, too. Not good. Fortunately I changed all my passwords since I started using LastPass, dumping my previous password generating algorithm.

Reply | Quote

I also changed my password on Adobe.
Michael

Reply | Quote

I also just changed mine…

I never purchased anything from them so their wasn’t any credit card info on there

Reply | Quote

I wasn’t going to add my real email so tried a fake one I never used and it say even it was Oh no — pwned on 2 sites!
Sure you aren’t giving away an email to a Spammer? :rolleyes:
EDIT: OK I see that guy built that site is an MVP

Reply | Quote

I wasn’t going to add my real email so tried a fake one I never used and it say even it was Oh no — pwned on 2 sites!
Sure you aren’t giving away an email to a Spammer? :rolleyes:
EDIT: OK I see that guy built that site is an MVP

The guy that built the site is a well known and respected MVP and an excellent developer, who graciously shares his time and knowledge with anyone interested. Your comment is widely off the mark and I really mean widely.

Reply | Quote

I tried the same thing and got back the Adobe warning.

I guess it’s not as reliable as one would think…Who knows..

Reply | Quote

It gave a false thing to a totally false email
I didn’t know that guy was mvp reason I edited

Reply | Quote

It gave a false thing to a totally false email

So what leads you to believe someone else isn’t as imaginative as you are and didn’t use that email address? How can you, with any certainty, claim the result is false?

Reply | Quote

3 more trys and anything I type using the big providers hotmail, yahoo it finds it pwned on at least 1
Using a fake on my local Internet provider email it Good news — no pwnage found!

I read his thing on how he created it trying to make it fast with that much data so I’d imagine it slips

Reply | Quote

I read his thing on how he created it trying to make it fast with that much data so I’d imagine it slips

That’s your technical assessment? Do you understand the difference between relational databases and NoSQL databases, in this case a key-value database that was used to store the emails publicly available from the data breaches the site keeps data from? Can you provide any sound technical base for your statement about it “slipping”?

P.S.: Troy posted a detailed description of how he did it: http://www.troyhunt.com/2013/12/working-with-154-million-records-on.html. You should go there and tell him he is doing it wrong.

Reply | Quote

What if Adobe told you you did not have a password with them?

Reply | Quote

What if Adobe told you you did not have a password with them?

The email records searchable on the new site were made available by those who hacked the sites for which data is provided – the site is providing data for 6 known breaches at the moment. If the data on the site is contradictory with what Adobe told you, you need to choose who to believe, either Adobe or the hackers.

I believe Troy built the site for two reasons: to play with some technology and to provide a service for those who want to know whether their accounts were compromised or not. If one of your email addresses is found at the site, you need to decide if that requires you to make sure you are using unique access details for all websites were you are registered (or to put it another way, whether any email address / password pair you used with Adobe is not in use elsewhere).

Reply | Quote

Thanks Rui……. I’d go with the hackers list, but I have no record of ever supplying a password to Adobe for anything. I’m baffled. But i will change my password on the address i searched.

Why can’t people play nice! Rhetorical question of course.

BJ

Reply | Quote

Thanks Rui……. I’d go with the hackers list, but I have no record of ever supplying a password to Adobe for anything. I’m baffled. But i will change my password on the address i searched.

Why can’t people play nice! Rhetorical question of course.

BJ

I should probably say that I didn’t get a warning from Adobe, either and two of my addresses are in the list of those obtained. So I guess I should have asked you how Adobe told you your email had not been breached.

About playing nice, well, I think those who keep customers data need to do a better job ensuring it stays safe. Some of these hacking occurs just because it’s possible to do so and those who hack into these systems want to show that.

Reply | Quote

Back when this came to light, there was some discussion here and a link to determine if your address was in the Adobe database. At least I THINK it was here and I checked it with my current email address and Adobe said no I was not in their DB. Now it turns out I am.

I went through my password file [kept on flash drive] and looked at what accounts used the offending password. None of them are credit cards. or banks and many were tied to a now defunct email address. i.e. the company is defunct. Never the less, I will begin the arduous task of ‘fixing’ it all.

BJ

Reply | Quote

Back when this came to light, there was some discussion here and a link to determine if your address was in the Adobe database. At least I THINK it was here and I checked it with my current email address and Adobe said no I was not in their DB. Now it turns out I am.

I went through my password file [kept on flash drive] and looked at what accounts used the offending password. None of them are credit cards. or banks and many were tied to a now defunct email address. i.e. the company is defunct. Never the less, I will begin the arduous task of ‘fixing’ it all.

BJ

Better to play safe, indeed :).

Reply | Quote

You should go there and tell him he is doing it wrong.

Nope up to you as OP. Believe in what you post then defend it. Go get him to answer here

but I have no record of ever supplying a password to Adobe for anything. I’m baffled.

I have no Adobe accounts either nor any of the other sites listed, none, naughta, zero and never have and tried one of my valid emails and I’m pwned. Unless Adobe was data mining

How do you contact them to change a password if you never had an account?

Reply | Quote

Nope up to you as OP. Believe in what you post then defend it. Go get him to answer here

I have no Adobe accounts either nor any of the other sites listed, none, naughta, zero and never have and tried one of my valid emails and I’m pwned. Unless Adobe was data mining

How do you contact them to change a password if you never had an account?

My problem is that I would have trouble to explain to him the meaning of precise technical words like “slipping”. I don’t think I would be able to. I also that in a universe of 138 million emails, the likelihood of you “guessing” a short, non random email address, from a big provider, must be non negligible. I will contact him, though, if your email address is not found in one of the two links below and you PM me the address in question.

As to the passwords, the issue is not getting Adobe to change the password, is making sure the email associated with the any of the breeches, if used elsewhere, is used with a unique, strong password.

Other sites allow testing for Adobe compromised emails, so you can check there, as well:

http://adobe.breach.il.ly/
https://lastpass.com/adobe/

All of them solve nothing other than allowing anyone to know whether their accounts may have been compromised. This may not even be needed, if online passwords are never used on more than one site, as they shouldn’t.

Reply | Quote

Other sites allow testing for Adobe compromised emails, so you can check there, as well:

Well thanks for that link I got
Your e-mail address is in the list.
Change your password immediately.

Still don’t remember ever signing up for adobe and its not in my password list.
OK I found link for reset Password
EDIT: correct link https://www.adobe.com/account/sign-in.adobedotcom.html?passwordReset=true

Reply | Quote

Well thanks for that link I got
Your e-mail address is in the list.
Change your password immediately.

Still don’t remember ever signing up for adobe and its not in my password list.
OK I found link for reset Password
EDIT: correct link https://www.adobe.com/account/sign-in.adobedotcom.html?passwordReset=true

Seems the data is shared by more than one site… This was made public by the hackers, I think, so everyone is using the same data set.

Reply | Quote

All of them solve nothing other than allowing anyone to know whether their accounts may have been compromised. This may not even be needed, if online passwords are never used on more than one site, as they shouldn’t.

Yes. One of my email addresses turned up on the list, but I’ve decided not to bother changing my password or doing anything else. The password was one I used only on the Adobe site, and the credit card I used several years ago to buy some software was cancelled some time ago. And given Adobe’s change in policy about how one “buys” Photoshop, I don’t think I’m likely to be buying anything else from them.

Reply | Quote