Today I've been trying to keep my account secure over scam antivirus software that I have installed. Someone recommended this site to me to see if any personal info of mine has been leaked. Ran a scan and everything seems to be good for now? I then also did a scan for the site itself afterwards on VirusTotal and it gave me a message saying "1 security vendor flagged this URL as malicious". Not sure if I should be concerned about that information and hopefully this site isn't a scam in and of itself.
I usually check haveibeenpwned.com every year or so and it's always come back negative for any breaches, until now. Turns out my info has been in 3 breaches in just the last 6 months, so what would be the best course of action here?
I've been wondering how effective HIBP actually is. When a site gets breached, the leaked data is often sold or circulated in private before it's added to public forums on the dark web and then to breach databases like HIBP. By the time my password shows up there, it might be too late to do anything useful.
Also my email: unless it is a unique, random address, it is visible on the public web anyway. So why should I look for it on the dark web?
I've seen some people say that if a breach has just been announced, the website wouldn't be able to identify if your data was leaked or not. Is that true? How long until it shows?
I know this website is safe to check your email addresses. I noticed that there is a 'Passwords' section and you can enter your passwords in there to see if they have been breached.
This might sound like a stupid question, but is it actually safe to enter your password here to check to see if it has been breached?
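The question above is about entering a password into a breach-check page. The public Pwned Passwords service that backs that feature uses a "range" (k-anonymity) lookup: the client hashes the password locally with SHA-1 and sends only the first 5 hex characters of the hash; the server returns every known hash suffix under that prefix with a breach count, and the match is made on the client. The example below is added here to show that mechanism and is not code from the original post or from HIBP; the range response is constructed inline (the suffixes and the count are made up) so it runs offline, and `fake_fetch_range` stands in for the HTTP call a real client would make.

```python
import hashlib
from typing import Callable, Dict, Tuple


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the password, computed locally."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_for_range_query(password: str) -> Tuple[str, str]:
    """Return (5-char prefix that is sent, 35-char suffix that never leaves the machine)."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def parse_range_body(body: str) -> Dict[str, int]:
    """Parse a range response: one '<suffix>:<count>' per line, blank lines ignored."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def pwned_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Number of times the password appears in the range data, 0 if unseen.

    Only the 5-character prefix is handed to fetch_range; the suffix comparison
    happens here, so the service never learns which password was checked.
    """
    prefix, suffix = split_for_range_query(password)
    body = fetch_range(prefix)
    return parse_range_body(body).get(suffix, 0)


# --- Constructed offline stand-in for the range endpoint -------------------
# A real client would do: GET https://api.pwnedpasswords.com/range/<prefix>
# Here the body for the prefix of "password" is built inline. The two filler
# suffixes and the count 12345 are constructed values for this example.
_PREFIX, _PASSWORD_SUFFIX = split_for_range_query("password")
_CONSTRUCTED_RANGE = {
    _PREFIX: "\n".join([
        "0018A45C4D1DEF81644B54AB7F969B88D65:1",
        f"{_PASSWORD_SUFFIX}:12345",
        "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2",
    ]),
}


def fake_fetch_range(prefix: str) -> str:
    """Hypothetical transport: returns the constructed body, or nothing for other prefixes."""
    assert len(prefix) == 5, "only the 5-character prefix may be sent"
    return _CONSTRUCTED_RANGE.get(prefix, "")


if __name__ == "__main__":
    for pw in ("password", "a-long-random-passphrase-9f8e7d"):
        print(f"{pw!r}: seen {pwned_count(pw, fake_fetch_range)} times")
```

The design point is in `pwned_count`: `fetch_range` receives 20 bits of hash prefix and nothing else, which is why a check of this shape does not expose the password to the service. Swapping `fake_fetch_range` for a function that performs the real HTTPS request is the only change needed to run it against the live endpoint.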
So in the latest HIBP blog post about a new upload of breaches -
Troy Hunt: Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs
it turns out to be a long-winded way for Troy and Co to end up saying 'sign up for an enterprise value subscription in order to get anything useful out of the latest alerts'.
urgh.
I happily paid for the previous cost that allowed our business to be kept up to date with breaches and allowed us to search, even though that feature was somewhat superseded by our password manager having the same functionality.
Then HIBP introduced an API to check for log items in Jan, which was great!
But now they've taken that away from our current sub level (the only one that existed at the time I think) and essentially 12x'd the price on that feature.
The latest breach information email and corresponding blog post feel extortionate: 'hey, this latest alert that you got informed of, pay us 12x the cost to find out what it means'.
We aren't an enterprise-level business, so we don't have the budget to pay for such a niche feature which is really on an 'as needed' basis. The other frustrating thing is that now the cost is comparable with a fully featured SaaS application, which HIBP is not. It's janky as.
I'd be keen to know if anyone thinks the same and has some alternatives.
I'm really paranoid about data breaches and I just really wanna know.
Other than haveibeenpwned.com and KnowBe4, what are you using to track compromised email accounts? haveibeenpwned.com is getting expensive for us. We are a small company.
Other than changing my password, what other steps should I take?
It said that I have 1 data breach. What does that even mean? Does that mean that somebody guessed my password and was able to log in to my email and get all sorts of info?
What’s the breach it said it was named in? Should give you a description.
It's from when a company got hacked and someone grabbed the data. Usually never your own fault; change the password you used from that data breach on any account that uses that password, and never use it again.
You have to assume some hacker has a giant list of passwords with that one on there and will try to log in on any site possible.
In Cybersecurity, paranoia is your friend.
Only one breach? This is a rookie number!
I came across a few posts about people failing to understand the notification from haveibeenpwned.com regarding the recent ALIEN TXTBASE dump, while also being overly concerned, as I was last night until reading up on it more this morning. Luckily I think most people shouldn't be concerned; here's why.
First off here's how to see what passwords were supposedly "leaked" since many people seem to be confused:
Go to haveibeenpwned.com
Click "Notify Me" up top
Enter your email address
Click on the "View my email address status" button in the received email; this will now bring you to a page where you can see exactly what info of yours was in this leak.
Scroll all the way to the bottom until you see "Stealer log entries"
Now what's most important is the "Domain" list. Each domain listed here is the website for which your password was supposedly leaked. This domain is not your email's domain, a common misconception I'm seeing, even though it could be an email website like gmail.com, which I'll get to. Again, it is the domain of the website which your password is for. The email address you entered in the steps above would be the username/login email for each website listed here.
If you only see gmail.com you should not stress. Change your password for gmail.com of course and run a few virus scans on your machine (Windows Defender, MalwareBytes, Norton Power Eraser, HitManPro, and Emsisoft Emergency Kit are what I ran). They'll probably come back clean, and here's why:
The most likely case here is someone with an infected machine was trying to log into gmail accounts (or other email providers) using known email addresses and other older leaked passwords related to those email accounts from other leaks. The second likely case is the leakers of ALIEN TXTBASE included a ton of data from old leaks, either passwords related to websites other than gmail or completely made up passwords, to inflate their numbers increasing their chances of selling this data. They did include real passwords confirmed by Troy Hunt, however that doesn't mean anything. Do you really think that ~284 million machines were compromised? That would be a defcon 1 level type of malware. So relax, your chances of actually being compromised in this case are slim to none.
If you see more domains than gmail.com the probability of your data being accurate is much greater. Change all of those passwords after scanning your machines. If you get any detections, reinstall the OS completely and format all drives.
Hello, so I know this is stupid since I can just research it and find the answer easily, but I'm currently sick right now and I can barely remember stuff, so I'm making a post just so I can remember and check when I'm not sick anymore.
This is also for both me and my friend, and he's a little paranoid, so I'm making a post to also check if it's real.
So is the real site the one in the picture, and what do I do if it found a data leak? Do I just change my password? And how do I check if it's an old password? I haven't used it so I don't know.
I can't for the life of me figure out if just my email address was leaked, or the password as well? And I hear people say that it's not a big deal. How can that be? They can see all my emails.
Sites listed on HIBP have been hacked, and their user list stolen. Usually these lists have your email address and a representation of a password called a hash. In some cases, where the person who programmed the website is a complete idiot not following best practices, it may be a weak hash or it may be in clear text. In those cases the hackers (and anyone with the database) have access to your password for that website.
This affects you in two ways:
1. On that website. If they can log in as you and get access to things like your full name, address, parts of your credit card number they can use that to compromise your identity further to steal from you or use you to steal from others. This is why it's important that hacks are disclosed publicly quickly.
2. On any other website you use that password on. They're going to try your email + password combo everywhere. If you used the same password on your account for Bob's Pizza and for your bank account, that may mean someone now has access to your online banking.
The big takeaway from this - the #1, I'm going to put in big letters rule is:
NEVER EVER EVER RE-USE PASSWORDS
ESPECIALLY bank and email accounts! Use a password management tool, use a notepad, use mnemonic tricks but never use the same password in two places.
Regarding your email address / email account, being on HIBP doesn't mean anyone has or ever had access to your email - unless one of the sites listed there had the same password as your email account.
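The answer above distinguishes a "weak hash or clear text" store from a properly hashed one. The example below, added here and not code from the original post, makes that difference concrete with a constructed two-user table: it stores the same password three ways (clear text, unsalted SHA-1, and salted PBKDF2-HMAC-SHA256) and checks what a leaked copy of each table would reveal. The user names, the shared password and the iteration count are assumptions chosen for the illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Callable, Dict

# Assumed work factor for the example; real deployments follow current guidance.
PBKDF2_ITERATIONS = 600_000


def store_plaintext(password: str) -> str:
    """The 'clear text' case: the leaked record *is* the password."""
    return password


def store_unsalted_sha1(password: str) -> str:
    """The 'weak hash' case: fast, unsalted, identical for identical passwords."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def store_pbkdf2(password: str, salt: bytes = None) -> str:
    """Salted, slow hash. Format: pbkdf2_sha256$<iters>$<salt b64>$<dk b64>."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return "$".join([
        "pbkdf2_sha256",
        str(PBKDF2_ITERATIONS),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    ])


def verify_pbkdf2(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    alg, iters, salt_b64, dk_b64 = stored.split("$")
    if alg != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iters))
    return hmac.compare_digest(dk, expected)


def leaked_table(users: Dict[str, str], store: Callable[[str], str]) -> Dict[str, str]:
    """What an attacker holding a copy of the user table sees under each scheme."""
    return {email: store(pw) for email, pw in users.items()}


def reuse_visible(table: Dict[str, str]) -> bool:
    """True if two accounts' stored values alone reveal that they share a password."""
    values = list(table.values())
    return len(values) != len(set(values))


# Constructed sample: two users who picked the same password.
CONSTRUCTED_USERS = {
    "alice@example.com": "Summer2024!",
    "bob@example.com": "Summer2024!",
}

if __name__ == "__main__":
    for name, scheme in [("plaintext", store_plaintext),
                         ("unsalted sha1", store_unsalted_sha1),
                         ("salted pbkdf2", store_pbkdf2)]:
        table = leaked_table(CONSTRUCTED_USERS, scheme)
        print(f"{name:14s} reuse visible in leak: {reuse_visible(table)}")
```

With clear text or an unsalted fast hash, the leaked rows for alice and bob are byte-identical, so the leak itself exposes the password (directly, or via a precomputed table of common passwords' hashes) and every other account where it was reused, which is the credential-stuffing risk described in point 2 above. With a per-user salt and a slow KDF the two rows differ and each must be attacked separately, which buys the time needed to notify users and rotate passwords.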
I can't for the life of me figure out if just my email address was leaked, or the password as well?
It tells you in the info for the breach what was leaked, at least on most of them.
They can see all my emails.
Only if they somehow got into your email account.
If you mean email address then that's nothing to worry about, email addresses are not private.
Either way the basic guidelines for passwords are:
- NEVER re-use the same password, every site/service needs a unique strong random password.
- Use 2FA on important things like your email.
- Use a password manager, there's no way to remember all your passwords otherwise.
- Use 2FA on your password manager, use a very strong master password, and make backups of your passwords periodically and store them in an encrypted format.
On sites that let me I aim for a 30-character password randomly generated by my password manager.
Ironically the only sites that don't allow passwords that long are pretty much all of my banking/financial services.
I've used HaveIBeenPwned a bunch of times to check if my email has been in a data breach, but it doesn't show the actual leaked passwords, it just tells me there was a breach.
Are there any good alternatives to HIBP that let you see more detailed breach info, like the actual leaked credentials?
Not sure whether to use it or not, as I'm worried about its safety.
I believe many of you are familiar with the website haveibeenpwned.com. I recently checked it using an old email of mine and discovered that my address appeared in 11 data breaches 😅. This got me thinking:
Is haveibeenpwned.com not an ideal tool for blackhats? If someone is trying to find a victim's credentials, they could use this site to identify which breaches to target. From there, wouldn't it be relatively straightforward to obtain some hashes? Or is locating these data breaches the challenging part?
Hey guys. So today I found out about this site and wanted to see if I have any data breaches. And it turned out that my account was one of the 140 million pwned accounts on Canva in May 2019, which was a huge data breach if you remember it. So it's been 4 years and today I changed my Canva password and enabled two-factor authentication. Is there anything else I can do in this situation? And why, when I run my email through the site, does it still show that I got pwned? And it's the same thing, the Canva breach. How do I remove it completely from that tab? Or is it supposed to stay? And also I wanted to point out that I don't actually really use the app; I used it like two times when I needed it. So maybe the best thing for me to do would be deleting the Canva account itself? Will it disappear then?