Top four things to do to avoid being ‘pwned’

So, before we dive in, here is a little background on ‘being pwned’. The word ‘pwned’ is derived from ‘owned’. It implies that someone has ownership of, or has acquired access to, something. In the online gaming world, being ‘pwned’ has taken on more of an identity as a taunt to an opponent who has been beaten or ‘owned’ by another player. Taking it one step further, in the online hacking world, being pwned means that someone has been able to gain information from, or access to, a secure network when they shouldn’t have been able to.

Could you have been affected?

In our increasingly connected and online times, we often use the same email addresses and usernames to log into many different online accounts across the internet. By itself, this isn’t an issue. The problem comes when hackers breach a site and gain knowledge of the usernames and emails used to sign up to it.

One of the most high-profile data breaches in recent times hit the (now infamous) Ashley Madison, a dating and social networking service marketed to people who are married or in relationships. The personal information of many of its users was held hostage and subsequently leaked online, exposing many of those who had hoped to stay anonymous.

Although you may have only heard of this particularly newsworthy data breach, it is by no means isolated; over 150 million Adobe accounts and 160 million LinkedIn accounts have been subject to some of the largest data breaches in recent times.

The size of these breaches is almost incomprehensible, especially considering how little news coverage any of these major security breaches get. But how can you know if your personal email and data have been exposed?

Troy Hunt, a web security expert, created the website haveibeenpwned.com, which lets you type in your email addresses to see how many times, if any, they have been found inside large dumps of data that have been breached and exposed online.

What’s so bad about being ‘pwned’?

No one ever wants to hear that they have been ‘pwned’, but why not? What is so bad about having your email address exposed online? One could make the argument that we give out our email to work colleagues all the time. Hundreds, perhaps thousands of people may have seen our email copied in on work issues and discussions. So, what is the difference when they are part of a data breach?

To illustrate this point, let’s use an analogy:

If a burglar wants to break into your house (your account), they need to know your address (your email), but to get in, they will need the keys to your front door (your password).

How much harder would it have been to break into your house if they didn’t know your address in the first place? The reason it is dangerous to have your emails and usernames exposed in data breaches, aside from the breach of privacy, is that it makes it significantly easier for hackers to break into your account if all they need to do is figure out one password.

How to protect yourself against being ‘pwned’?

So, now that we know what it means to have been ‘pwned’, how to check if you have been ‘pwned’, and why it is bad, let’s look at what you can do if your result on haveibeenpwned.com is a resounding YES.

1. Make sure you do not use the same password for multiple accounts

If a hacker can guess your password then they will now have access to any account which uses the same email and password combination.

If they break down one door you don’t want to open the rest for them without a fight.

2. Make sure your new passwords are strong in quality

If your password is ‘password’ or ‘qwerty’, then you are making the hacker’s job very easy indeed. A quick Google search can take you to a number of random password generators which will do the job for you. Consider keeping your passwords in a secure place so that if you forget them you have easy access, but the hackers don’t.

3. Enable 2-factor authentication

Enabling 2-factor authentication (also known as 2FA, two-step verification or TFA) makes the process of changing your password more secure. It is an additional security layer that addresses the vulnerabilities of a standard password-only approach. There is a plethora of online tools that can help you.

4. Change passwords regularly

It is universally recommended that you change your password at least once every 6 months, so that if further data breaches in the future put you at risk, you are still protected.
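
A small check for tips 1 and 2, added here as an example and not part of the original article: it audits a constructed account-to-password list for reuse and weak passwords, then proposes random replacements. The account names, the deny-list entries beyond the article's two examples, and the 12-character minimum are assumptions.

```python
import secrets
import string
from collections import defaultdict

# Tiny deny-list: the first two are the article's examples, the rest are assumed.
COMMON = {"password", "qwerty", "123456", "letmein"}
MIN_LENGTH = 12  # assumed threshold for this example; the article names no number
# Constructed sample vault (account -> password); not real credentials.
SAMPLE_VAULT = {
    "shop.example": "qwerty",
    "mail.example": "Tr0ub4dor&3x!9q",
    "forum.example": "Tr0ub4dor&3x!9q",
    "bank.example": "v9#Lq2mZ!r7Tp4Xw",
}

def weak_reasons(password):
    """Reasons a password fails tip 2 (empty list means it passes these checks)."""
    reasons = []
    if password.lower() in COMMON:
        reasons.append("common password")
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    return reasons

def find_reuse(vault):
    """Tip 1: map each password used on several accounts to those accounts."""
    by_password = defaultdict(list)
    for account, password in vault.items():
        by_password[password].append(account)
    return {p: sorted(a) for p, a in by_password.items() if len(a) > 1}

def generate_password(length=20):
    """Replacement password drawn from the OS CSPRNG via the secrets module."""
    alphabet = string.ascii_letters + string.digits + "!#$%&*-_"
    return "".join(secrets.choice(alphabet) for _ in range(length))

def audit(vault):
    """Return {account: [findings]} for every account that needs a new password."""
    findings = defaultdict(list)
    for accounts in find_reuse(vault).values():
        for account in accounts:
            others = ", ".join(a for a in accounts if a != account)
            findings[account].append(f"reused on {others}")
    for account, password in vault.items():
        findings[account].extend(weak_reasons(password))
    return {a: f for a, f in findings.items() if f}

if __name__ == "__main__":
    for account, issues in audit(SAMPLE_VAULT).items():
        print(f"{account}: {'; '.join(issues)} -> new: {generate_password()}")
```

Each flagged account gets its own freshly generated password, so replacing them does not reintroduce reuse.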

Happy browsing and make sure you follow some of our industry tips to help you stay secure and safe from being ‘pwned’.
