Over the years, many websites and services have been hacked by groups of hackers. These hacks create lists that contain manipulated emails and associated passwords. These groups often use them as a bargaining chip to blackmail their victims for money.
Given the amount of data stolen by these hacks, it can be tedious to scan the information to find out if your email address and password can be tampered with.
To simplify this process, Troy Hunt, regional director of Microsoft and MVP for developer security, used his own spare time to create a website called “Have I been put on hold?” This can help users to know if their credentials are compromised.
The operation of this site is relatively simple: the user enters either his email address and password in the dialog provided and clicks on “pwned?” Button. After a few seconds, the website published information about the security of its credentials.
If the credentials in question are secure, the website displays a green label informing the user that the credentials are not being displayed in the database, so that they are secure at the time of exam.
However, if the credentials are in the known hacks and passwords database, a red warning is displayed on the website, informing the user that the credentials may have been tampered with.
In the event that the user recovers their email address or username, the website also highlights hacks that may have compromised their credentials.
The information required to create “Have I been verified?” Was used was obtained from the lists of Anti Public Data Dump and Exploit.in. Therefore, the website is somewhat accurate in determining whether or not a password has been tampered with.
Although the list is reliable, Hunt mentioned that the website is by no means perfect and that users should remain vigilant about the security of their account.
Most importantly, Hunt explicitly reminds those who wish to use the website to never enter a password that they currently use for their accounts. Although the website does not save passwords, Hunt believes that entering a password into a random third-party service is not exactly a smart decision.
Read Also :