What is haveibeenpwned.com?
A "breach" is an incident where data has been unintentionally exposed to the public. Haveibeenpwned.com is a website that aggregates information on data breaches. You can search for an email address to find out if it has been compromised in a data breach. The website reveals whether an email was included in a breach, and if any other data accompanied it. E.g. date of birth, geographic location, name, password, phone number, physical address, social media profiles, etc.
The Risk
This website is available to the public – it is not account-based access, nor is it behind a paywall. Consequently, it can be used by bad actors in different ways, including but not limited to, scoping out compromised data that they can then procure on the dark net, social engineering, and enabling targeted phishing attacks.
Opting Out
You can now opt out of being included in these searches which helps reduce the information about you online for OSINT.
The website offers three ways of accomplishing this, but we recommend just the first one, removing public searchability, because that leaves the site useful for your individual use:
Remove public searchability – You can still use the website to search for an email address, but only if you verify that you own and control that address, hence the public cannot search for that email address.
Remove from public searchability and list of breaches - The email address is not publicly searchable, and it is removed from the most current list of breaches. But it is retained by the website for monitoring future breaches.
Remove from all breaches – This removes any mention of an email address having been compromised in a data breach. This means that nobody, including the person who owns and controls the email, will then see any results for a search for that email on haveibeenpwned.com. The email address will not be retained for monitoring.
To opt out, visit: Have I Been Pwned: Opt-out
To learn more about keeping your private information secure and keeping cybercriminals away from your business, contact us today at 262-553-6510 or by visiting qpcsecurity.com.