I buy things from Home Depot.
Far too much of it, in fact.
I almost always pay cash, but the news of the Home Depot hack led me to think long and hard about whether I had ever slapped down a credit card to pay for something at one of the stores. If so, was my information exposed in the hack, a question you should be asking as well if you are a Home Depot customer.
The law requires companies such as Home Depot to publicly disclose data breaches. [You didn’t think they did it out of the kindness of their hearts, did you?] The problem is most of us can’t recall if or when we shopped at various stores. As a result, there is no way to know if our personal information is safe or if 17-year-old Vlad in Vladivostok, Russia is now ordering Ferraris online using our name and information.
Fortunately, one enterprising gentleman has created a free search mechanism that allows you to check if your data has been exposed in most of the major database breaches. That gentleman is Troy Hunter, a software security designer who has created – Have I Been Pwnd. “Pwnd” is slang for being beaten by a superior force on the web. Somewhat similar to saying, “I owned him.”
Anyway, the system looks at a number of the biggest data breaches in history. You can search for either your email address or username to see if it is included in the stolen data. If you receive a positive hit, the system also tells you if the information has been republished anywhere on the web. If so, it is likely your information is being sold or rented to others with nasty intentions.
What data breaches are analyzed? The list includes:
- 152,445,165 Adobe accounts
- 4,821,262 mail.ru Dump accounts
- 4,789,599 Bitcoin Security Forum Gmail Dump accounts
- 4,609,615 Snapchat accounts
- 1,247,574 Gawker accounts
- 1,186,564 Yandex Dump accounts
- 1,057,819 Forbes accounts
- 859,777 Stratfor accounts
- 855,249 Manga Traders accounts
- 530,270 Battlefield Heroes accounts
- 453,427 Yahoo accounts
- 227,746 Cannabis.com accounts
- 202,683 Win7Vista Forum accounts
- 191,540 hackforums.net accounts
- 180,468 AhaShare.com accounts
- 158,093 Boxee accounts
- 148,366 WPT Amateur Poker League accounts
- 116,465 Pokemon Creed accounts
- 104,097 Insanelyi accounts
- 56,021 Vodafone accounts
- 55,622 Spirol accounts
- 45,018 Lounge Board accounts
- 38,108 Pixel Federation accounts
- 37,784 Muslim Directory accounts
- 37,103 Sony accounts
- 36,789 BigMoneyJobs accounts
- 35,368 Fridae accounts
- 28,641 hemmelig.com accounts
- 26,596 Business Acumen Magazine accounts
- 20,902 Bell accounts
- 16,919 Verified accounts
- 5,788 Astropid accounts
- 3,200 UN Internet Governance Forum accounts
- 2,239 Tesco accounts
This obviously does not cover every breach, but the service is free and a sufficient number of breaches are covered to at least give you an idea if something is amiss. Still, one hopes Hunter will include the Home Depot breach soon.
Hunter claims that the usernames and email addresses you supply are not saved by his system. There is no process for verifying this promise, but Hunter would need balls the size of Mount Everest to store such information in contravention of his promises on the site. I feel comfortable enough with the service to use it and haven’t noticed an increase in the Viagra/Nigerian oil minister spam I receive nor have my bank accounts been cleared out.
Data breaches are a fact of life in a digital world and will continue to be for the foreseeable future. With “Have I Been Pwnd,” at least you can now get a good idea of whether your information has been swept up in one.
Richard A. Chapo, Esq.