Find Out If Your Email Has Been Compromised in a Data Breach
Nearly 668 million user accounts were compromised in data breaches that took place in 2018, and an astounding 1.578 billion accounts were compromised in 2017. One of the most recent breaches was BlankMediaGames, creators of the popular Town of Salem title. Over 7.6 million accounts were compromised in that breach alone.
When a website you’ve registered on is hacked, your information can—and likely will—be stored, sold, or leaked. If you use the same email address and password on that website as on others, hackers can easily gain access to your information. It’s why so many security experts recommend you use a different password for every website you join.
The key to protection is awareness. If you know when an account has been compromised, you can take steps to safeguard other accounts. Here’s how.
Take Advantage of HaveIBeenPwned.com
There are other articles like this one on the web, but many are outdated. Forbes in particular has one that lists several websites, but in testing we discovered that their security certificates had expired or that they threw a 403 Forbidden error. Even if you could get these to work, is it worth the risk?
One site has proven itself time and time again: HaveIBeenPwned.com. The website checks email addresses against a database of breaches and tells you whether your email address has been spread in one of the many breaches that take place. HaveIBeenPwned also lists both the most recent breaches and the largest breaches.
How to Use HaveIBeenPwned.com
Take a look at the image above. There is a single step involved in finding out whether an account has been compromised: just enter the email address into the search box and press the “pwned?” button. (If you’re curious, pwned is a misspelling of “owned,” an Internet-born insult of the late 1990s/early 2000s.)
Here’s what happens when we test an address:
I knew the account had been compromised a while back due to the large WordPress breach, and measures have been taken to safeguard it. If your email address has been compromised because of multiple breaches (like the one below), you can look through the lists and find out which ones are the most dangerous.
If you use the same email address across multiple websites, make sure to have a different password for each.
Beneath the notification, you’ll see an explanation of when and where the account was compromised, as well as steps on how to improve your account security. It will also tell you whether the breach involved emails, passwords, names, locations, etc.
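Reading a breach list the way the article suggests, i.e. deciding which entries are the most dangerous from what data was exposed and how recently, can be written down as a small triage routine. This is an added example, not HaveIBeenPwned's own code; the records below are constructed and only loosely follow the shape of HIBP's breach model (Name, BreachDate, DataClasses, IsVerified are assumed field names):

```python
"""Rank the breaches an address appears in by the risk each one poses.
Added example, not part of the article or of HaveIBeenPwned; the sample
records are constructed and the field names are an assumption."""
from datetime import date

# Constructed sample: what a breach list for one address might look like.
SAMPLE_BREACHES = [
    {"Name": "ExampleForum", "BreachDate": "2012-05-01",
     "DataClasses": ["Email addresses", "Usernames"], "IsVerified": True},
    {"Name": "ExampleShop", "BreachDate": "2018-11-20",
     "DataClasses": ["Email addresses", "Passwords", "Names",
                     "Geographic locations"], "IsVerified": True},
    {"Name": "ExampleList", "BreachDate": "2016-03-09",
     "DataClasses": ["Email addresses"], "IsVerified": False},
]

# Weights reflect what an attacker can do with each data class: leaked
# passwords enable credential stuffing on every site where the password
# was reused; the rest mainly enable phishing and profiling.
WEIGHTS = {"Passwords": 10, "Security questions and answers": 6,
           "Geographic locations": 3, "Names": 2, "Usernames": 1}


def risk_score(breach, today=date(2019, 1, 1)):
    """Heuristic score: exposed data classes, recency, and verification."""
    score = sum(WEIGHTS.get(dc, 0) for dc in breach["DataClasses"])
    age_days = (today - date.fromisoformat(breach["BreachDate"])).days
    if score and age_days < 2 * 365:
        score += 2          # recently leaked credentials are more likely still valid
    if not breach.get("IsVerified", True):
        score //= 2         # unverified dumps may be fabricated or recycled
    return score


def triage(breaches, today=date(2019, 1, 1)):
    """Return (name, score, password_was_exposed) sorted most dangerous first."""
    rows = [(b["Name"], risk_score(b, today), "Passwords" in b["DataClasses"])
            for b in breaches]
    return sorted(rows, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    for name, score, pw_exposed in triage(SAMPLE_BREACHES):
        action = "change this password everywhere it was reused" if pw_exposed else "watch for phishing"
        print(f"{name:14} score={score:3}  {action}")
```

Any entry whose third field is True is one where the password itself leaked, so it is the first to act on regardless of score.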
Monitor Domains and Addresses
If you own a given web domain, you can set up automatic alerts should the accounts on the domain ever become compromised. HaveIBeenPwned requires verification of ownership and several other security layers before you are able to receive these notifications, which reduces the risk that someone can gather information they aren’t meant to have.
You can also enter an email address and be notified when noteworthy breaches take place.
Creating a Strong Password
It’s a hassle to use different passwords for each website, but it pales in comparison to the headache you’ll experience if your identity is stolen or other important information is leaked. A strong password should have these key elements:
- The password is at least 12 characters, but more is preferred.
- The password should be a mix of upper and lower case letters, numbers, and symbols.
- The password should have no resemblance to your email address.
- The password should not be a common word or phrase.
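The four rules above can be checked mechanically before a password is accepted. The checker below is an added example (not from the article); the `COMMON_WORDS` set is a tiny constructed stand-in for the large breached-password wordlist a real deployment would load, and the "resemblance" test compares the password against the email's local part and its dot/underscore-separated pieces.

```python
"""Check a candidate password against the four rules listed in the article.
Added example; COMMON_WORDS is a constructed stand-in for a real wordlist."""
import re
from difflib import SequenceMatcher

# Constructed stand-in; a real check would use a large breached-password list.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "iloveyou", "sunshine"}


def check_password(password, email):
    """Return a list of rule violations; an empty list means all four rules pass."""
    problems = []

    # Rule 1: at least 12 characters.
    if len(password) < 12:
        problems.append("shorter than 12 characters")

    # Rule 2: upper, lower, digit and symbol must all be present.
    classes = [re.search(r"[a-z]", password), re.search(r"[A-Z]", password),
               re.search(r"\d", password), re.search(r"[^A-Za-z0-9]", password)]
    if not all(classes):
        problems.append("missing upper, lower, digit or symbol")

    # Rule 3: no resemblance to the email address. Compare against the local
    # part as a whole and against each piece of it (alice.smith -> alice, smith).
    local = email.split("@")[0].lower()
    pw = password.lower()
    tokens = [local] + re.split(r"[._\-+]", local)
    for tok in tokens:
        if len(tok) >= 4 and (tok in pw or SequenceMatcher(None, tok, pw).ratio() > 0.6):
            problems.append("resembles the email address")
            break

    # Rule 4: not a common word or phrase. Strip digits/symbols first so that
    # "Password123!" is still recognised as the word "password".
    core = re.sub(r"[^a-z]", "", pw)
    if core in COMMON_WORDS or any(w in pw for w in COMMON_WORDS):
        problems.append("based on a common word or phrase")

    return problems


if __name__ == "__main__":
    for candidate in ("Password123!", "alice.smith2019", "Tr0ub4dor&3xKq!m"):
        print(candidate, "->", check_password(candidate, "alice.smith@example.com") or "ok")
```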
While there is no 100% guarantee of account security no matter how many safeguards you put in place, you can reduce the risk that a hacker will gain access by using strong, distinct passwords on each website you browse and monitoring data breaches that may be relevant to you.