Is Your Account Secure? How to Check for Leaked Passwords
Data breaches happen daily. Proactively checking if your login information has been exposed is a critical step in protecting your digital identity.
Proactive checking is the best way to protect your accounts.
When a major website is hacked, attackers often steal the user database, including emails and passwords. They then sell this data or use it to try logging into other services, as many people have a habit of reusing passwords.
A Safe Checking Tool: Have I Been Pwned?
Have I Been Pwned (HIBP) is a reputable and free website created by security expert Troy Hunt. It aggregates data from hundreds of publicly known data breaches. It's very simple to use:
- Visit the website: haveibeenpwned.com
- Enter your email address into the search box and click the 'pwned?' button.
- The site will return results showing which breaches your email has appeared in.
HIBP also has a separate feature, on its Passwords page, for checking whether a specific password (not an email) has ever been exposed.
What to Do if Your Account Has Been Compromised?
1. Change your password immediately: Change the password for the affected account. More importantly, change the password for **all other accounts** where you used the same password.
2. Enable Two-Factor Authentication (2FA): This is the most critical layer of protection. Even if an attacker has your password, they cannot log in without the authentication code from your phone.
3. Use a Password Manager: Tools like Bitwarden or 1Password help you create and store strong, unique passwords for every website.