互联网并不安全。这是您无法避免或忽略的事实,尤其是当您计划使用最敏感的数据信任在线服务时。当您阅读本文时,有人试图闯入全球的计算机系统。您可能已经成为数据泄露的受害者,甚至不知道。
值得庆幸的是,您可以通过多种方式检查您的数据是否存在数据泄露风险。Have I Been Pwned和DeHashed等(DeHashed)在线(Online)服务可让您检查在以前的数据泄露中是否提及您的个人数据,例如电子邮件地址或密码。
如果您想快速检查您的数据是否存在数据泄露风险,您可以尝试使用Have I Been Pwned。由安全专家Troy Hunt运营的Have I Been Pwned数据库包括(在发布时)416 个网站泄露事件和超过 90 亿个泄露帐户。
Have I Been Pwned服务允许您在数据库中搜索任何已记录的电子邮件地址或受感染数据泄露数据库中的密码示例。我们始终建议您在将密码输入 Web 表单之前要格外小心,即使使用这样的服务也是如此。
也就是说,如果您的密码被泄露,无论如何它已经处于危险之中。我们建议您定期更改密码并使用顶级密码管理器( top password manager),以便您为每个帐户使用多个强密码。
如果您的电子邮件地址或密码位于网站记录的任何数据泄露中,它会提醒您。使用密码,这将不包括有关哪些网站已被入侵的任何信息,但它会告诉您密码本身在数据泄露中出现的频率。
如果您使用相当常见或不安全的密码,其他人也可能使用相同的密码。使用“password123”或类似密码错误的用户,请注意并立即更改。
对于电子邮件地址,HIBP将为您提供更多详细信息。这包括有关检测到电子邮件地址的站点或违规行为的额外信息。出于安全原因,有关某些违规行为的信息是有限的。
如果您想了解未来的任何数据泄露,请单击HIBP网站顶部的通知我。(Notify Me )然后,只要在将来的泄漏中检测到您的电子邮件地址,您就会收到一封电子邮件通知。
虽然 Have I Been Pwned提供了相当基本的电子邮件和密码搜索,但DeHashed数据泄露搜索引擎的功能要强大得多。它不仅允许您搜索电子邮件和密码,还允许您检查任何类型的数据,包括您的姓名或电话号码。
它拥有超过 110 亿条记录,为用户提供更广泛的可搜索数据。它支持强大的搜索参数,如通配符或正则表达式。还有一个您可以首先检查的违规站点列表,其中包含超过 24,000 个可搜索的数据库。(list of breached sites)
与HIBP一样,DeHashed完全免费使用,尽管某些结果在免费计划中受到审查。如果您想完全访问DeHashed数据库,则一天的费用为 1.99 美元,7 天的费用为 3.49 美元,或 30 天的费用为 9.99 美元。
- 要使用DeHashed ,请将您的搜索数据输入到(DeHashed)DeHashed 主站点页面(main DeHashed site page)上显眼的搜索栏中。这可能是电子邮件地址、姓名、电话号码、密码或其他敏感数据。单击搜索(Search)开始搜索。
- DeHashed将在典型搜索页面上提供匹配结果列表。审查结果将被标记,您需要使用相关订阅登录才能查看这些结果。您还需要订阅才能查看有关任何违规行为的更多详细信息。
- 如果您想知道某个特定网站是否存在违规行为,请前往DeHashed 违规列表(DeHashed breach list),单击Ctrl + F,然后输入您的域名。在大多数现代网络浏览器中,这应该允许您在页面中搜索任何匹配的结果。
虽然不受限制的搜索需要额外付费,但 DeHashed(DeHashed)提供了更广泛的数据集供您搜索违规行为。
BreachAlarm [已停产]
如果 DeHashed 对您来说有点过于复杂,那么BreachAlarm是另一个类似于 Have I Been Pwned的单一搜索服务。这是一项更为有限的服务,它拥有的各种违规数据库中列出了超过 9 亿个电子邮件帐户。
BreachAlarm易于使用,具有易于阅读的违规列表供用户检查,并且像HIBP和DeHashed 一样(DeHashed),是一个供您用于检查数据的搜索引擎。还有一个供企业使用的数据泄露搜索,它可以让您搜索任何提及相关域名的内容。
- 要使用BreachAlarm,请前往主页搜索或企业搜索(可从网站的顶部菜单访问)。在搜索栏中,输入您的电子邮件地址或域名,然后单击“立即检查”(Check Now)开始搜索。
- 为了保护您,BreachAlarm只会提供与您提供的电子邮件地址可能匹配的结果。单击(Click)以确认CAPTCHA ,然后单击(CAPTCHA)我了解(I Understand)接受条款。
- 一旦被接受,BreachAlarm将向您提供有关您的信息是否在以前的数据泄露中被发现的快速概要。检查您的电子邮件地址以获取更多信息,但是,如果您想接收有关未来违规行为的更新,请在弹出窗口中单击免费的 Active Email Watchdog 。(Active Email Watchdog for Free)
通过电子邮件发送的结果将包括您的电子邮件地址被泄露的日期,但不会向您提供有关数据泄露发生地点的信息。如需更多信息,您需要使用列出的其他服务之一。
确保您的数据在线安全(Keeping Your Data Safe Online)
没有一种万无一失的方法可以保护您的数据免受数据泄露。每次您在任何类型的在线服务中注册您的详细信息时,这些数据都会被泄露,并且将来可能会被泄露。
为了尽可能保持安全,您还应该考虑使用LastPass 或 Dashlane(LastPass or Dashlane)等密码管理器来帮助您为每个帐户生成安全密码。请务必定期检查此类服务,以随时了解发生的任何新数据泄露。
How To Know If Your Data Has Been Compromised In a Data Breach
The internet isn’t safe. That’s a fact that уou can’t avoid or ignore, especially if you plan on trusting online services with your most sensitive data. As you read this, attempts are made to break into computer systems across the globe. You might have already been the vіctim of a data breach and not even know it.
Thankfully, there are ways you can check if your data is at risk in a data breach. Online services like Have I Been Pwned, and DeHashed will let you check for any mention of your personal data, like email addresses or passwords, in previous data breaches.
If you want to quickly check whether your data is at risk in a data breach, you can try using Have I Been Pwned. Run by security expert Troy Hunt, the Have I Been Pwned database includes (at the time of publication) 416 website breaches and over nine billion breached accounts.
The Have I Been Pwned service allows you to search the database for any logged examples of email addresses or passwords in compromised data breach databases. We’d always recommend using extreme caution before putting your password into a web form, even with a service like this.
That said, if your password has been compromised, it’s already at risk anyway. We’d advise regularly changing your passwords and using a top password manager to allow you to use multiple, strong passwords for each of your accounts.
If your email address or password is located in any of the site’s recorded data breaches, it’ll alert you. With passwords, this won’t include any information on which sites have been compromised, but it will tell you how often the password itself has appeared in data breaches.
It’s possible that, if you use a fairly common or insecure password, that other people use the same password, too. Users with “password123” or similarly poor passwords, take note and change immediately.
For email addresses, HIBP will provide you with a little bit more detail. This includes extra information on which sites or breaches the email address was detected. For security reasons, information on certain breaches is limited.
If you want to be informed of any future data breaches, click Notify Me at the top of the HIBP website. You’ll then receive an email notification whenever your email address is detected in future leaks.
While Have I Been Pwned provides a fairly basic search for emails and passwords, the DeHashed data breach search engine is far more powerful. Not only does it allow you to search for emails and passwords, but it also lets you check for any kind of data, including your name or phone number.
With over 11 billion records, it has a wider set of searchable data for users. It supports powerful search arguments like wildcards or regex expressions. There’s also a list of breached sites you can check first, with over 24,000 searchable databases.
Like HIBP, DeHashed is completely free to use, although certain results are censored on the free plan. If you want complete access to the DeHashed database, it’ll cost you $1.99 for a single day, $3.49 for seven days, or $9.99 for 30 days.
- To use DeHashed, type your search data into the prominent search bar on the main DeHashed site page. This could be an email address, name, phone number, password, or other sensitive data. Click Search to begin the search.
- DeHashed will provide a list of matching results on a typical search page. Censored results will be marked, and you’ll need to be logged in with a relevant subscription to be able to view these. You’ll also need a subscription to view extra detail about any breaches.
- If you want to know if a particular website has featured in a breach, head to the DeHashed breach list, click Ctrl + F, and type your domain name. This should, in most modern web browsers, allow you to search the page for any matching results.
While it costs extra for unrestricted searches, DeHashed provides a wider set of data for you to search for breaches.
BreachAlarm [discontinued]
If DeHashed is a little too complicated for you to use, then BreachAlarm is another single-search service that works similar to Have I Been Pwned. It’s a much more limited service, with over 900 million email accounts listed in the various breach databases it holds.
BreachAlarm is easy to use, with an easy-to-read breach list that users can check and, like HIBP and DeHashed, a search engine for you to use to check your data. There’s also a data breach search for businesses to use, which lets you search for any mention of a related domain name.
- To use BreachAlarm, head to either the home search or the business search (accessible from the site’s top menu). In the search bar, type either your email address or domain name, then click Check Now to begin the search.
- For your protection, BreachAlarm will only provide results about any potential matches to the email address you provide. Click to confirm the CAPTCHA, then accept the terms by clicking I Understand.
- Once accepted, BreachAlarm will provide you with a quick rundown on whether your information has been found in previous data breaches. Check your email address for more information but, if you want to receive updates on future breaches, click Active Email Watchdog for Free in the pop-up window.
The emailed results will include the date your email address was compromised, but it won’t provide you with information on where the data breach occurred. For further information, you’ll need to use one of the other services listed.
Keeping Your Data Safe Online
There isn’t a foolproof way to keep your data safe from data breaches. Every time you register your details with any kind of online service, that data is given away and might be compromised in the future.
To stay as safe as possible, you should also consider using a password manager like LastPass or Dashlane to help you generate secure passwords for each of your accounts. Be sure to also check services like these regularly to stay informed of any new data breaches that occur.