Curious about Have I Been Hacked (HIBH)?

Wondering about the term "hacked"? Originating from gaming jargon, "hacked" is a variation of "owned" and signifies control or compromise, as in "I was hacked in the Adobe data breach". Learn more about how "hacked" has transitioned from hacker slang to a common internet taunt.

Questions & Answers

  • 1. What constitutes a "breach," and where does the data originate?

    A breach occurs when data is unintentionally exposed in a vulnerable system, often due to inadequate access controls or software security weaknesses. HIBH consolidates breaches, allowing individuals to assess where their personal data may have been compromised.

  • 2. Concerned about stored user passwords?

    When email addresses from a breach are entered into the site, no corresponding passwords accompany them. Moreover, the Hacked Passwords service lets users check if a specific password has been compromised. Passwords are securely hashed, protecting users' personal data.

  • 3. Worried about disclosing passwords to users?

    The site refrains from sending passwords to individuals to minimize risks to both users and the platform. This decision is elaborated in detail in a blog post addressing password accessibility concerns.

  • 4. Curious about notifications and privacy?

    Notifications are sent only to monitored addresses for privacy reasons.Sensitive breaches may not be publicly searchable and require verification for access.

  • 5. Wondering if a comprehensive list of email addresses is available?

    The public search feature only provides results for single user-provided email addresses or usernames. Multiple breached accounts can be retrieved using the domain search feature, but authorization is required to access domain assets.

  • 6. Curious about breaches where passwords aren't leaked?

    Sometimes, breaches may not include credentials for online services, yet they still pose a privacy risk. Individuals affected by such breaches deserve notification to ensure their security.

  • 7. How are breaches verified?

    To authenticate breaches, various measures are taken, including cross-referencing with public acknowledgments, data consistency checks, and evaluating attackers' credibility and history.

  • 8. What's the significance of a "paste" on the site?

    A paste refers to information shared on public platforms like Pastebin. HIBH scans pastes for potential indicators of breaches, enabling users to assess if their accounts have been compromised and take appropriate actions.

  • 9. Concerned about search logging?

    The website doesn't log search activities explicitly, preserving user privacy.

  • 10. Unsure if your email has been compromised?

    HIBH contains only a subset of breached records, and many breaches go undetected or unreported. Absence of evidence here doesn't guarantee safety from breaches elsewhere.

  • 11. Noticing your username or email in unexpected breaches?

    Finding your username or email in unrelated breaches is possible due to shared or reused identifiers across platforms.

  • 12. What about data storage practices?

    Breached accounts are stored securely in Windows Azure table storage, containing only email addresses or usernames and the breached sites they appear on.

What's the significance of "subscription free" and "spam list" breaches?

Some breaches are flagged as subscription free, enabling unrestricted domain searches. Spam lists may contain personal data used for spamming purposes.

Questions & Answers

  • 1. Concerned about malware breaches?

    HIBH includes data obtained from malware campaigns, helping users identify potential threats to their devices.

  • 2. Understanding "Hacked Passwords"?

    This service flags passwords previously exposed in breaches, urging users to avoid using compromised passwords.

  • 3. Experiencing hacks after using HIBH?

    Searches on HIBH are anonymous and encrypted, and no user data is logged, reducing security risks.

  • 4. Seeking more information?

    Visit troyhunt.com for detailed insights into HIBH's design and implementation on the Windows Azure platform.

  • 5. How does HIBH handle email address variations?

    Some users employ "plus aliasing" in email addresses, adding extra identifiers for different sites. While this feature isn't currently supported, it's relatively rare and may be considered in the future.

  • 6. What's the source of notification emails?

    All emails originate from [email protected]. If expected emails don't arrive, consider whitelisting this address.

  • 7. Concerned about privacy and intent?

    HIBH is solely intended as a free service to assess breach risks and doesn't harvest or misuse email addresses.

  • 8. What defines a "sensitive breach"?

    Sensitive breaches can only be searched by verified owners of the email addresses involved, ensuring privacy and security.

  • 9. Need to link directly to an account search?

    Construct links to automatically search for specific accounts by passing the name after the "account" path.

  • 10. Interested in submitting a data breach?

    Contact the platform to submit potential breaches for consideration.