Have „you“ been pwned?

Find data leaks with free service

Since 2013 there is a security service on the Internet, which checks by entering the e-mail address or the complete domain name, whether personal data has been compromised by data leaks. The service is called "Have I been pwned?" or "HIBP". It collects known or unknown hacks in a database and can thus match the entered e-mail address with this one. The user learns in a matter of seconds whether their own e-mail address has already been hacked. Similarly, there is the ability to check if passwords have already been used in the past. The project was founded by security researcher Troy Hunt.

Governments are already using the service

In Troy Hunt's blog he is surprised that not only private users are using this service. Even governments take advantage it. The British and Australian governments already check on "Have I been pwned?", whether the government domains are still unaffected.

Other manufacturers are interested in integration

Troy Hunt offers on its page APIs for use in other apps. Mozilla's Firefox wants to integrate the service to notify users when they visit a Web site (for example, using a form on a sign-in page) that is known to have recently been hacked.

What does "Have I been pwned" mean?

The name "Have I been pwned?" is script kiddie jargon (read here what a script kiddie is) and refers to the term "pwn". This refers to taking control over a computer or an application. The string '; - - in the HIBP logo is a common SQL injection attack string.

Is the service free?

The service is completely free! Just go to the following website: https://haveibeenpwned.com/  On the homepage you can also see which major data leaks are currently up-to-date.

Call Back