Firefox Monitor offers people the ability to see if their email addresses have been taken in data breaches.
I used it to check my work address and discovered that it had been taken in three breaches, the most worrisome being the Exactis one.
Luckily, one of my banks offers a service called CreditWise, which scans the dark web daily looking for appearances of my information.
This is a cool application! The email check is based on the “Have I been Pwned” database, which was created and is maintained by Troy Hunt, a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security.
If you do not have Firefox, then you can do the same check here:
If you find out that have been breached, there are instructions on the site on what do, but at least it involves changing the passwords on any site where you used the same one as on the breached site. (Even better to do a full password change across the board).
Got another notification today, perhaps as a result of the Marriott breach.
What To Do Next
Change your passwords, even for old accounts
If you can’t log in, contact the website to ask how you can recover or shut down the account. See an account you don’t recognize? The site may have changed names or someone may have created an account for you.
If you reuse an exposed password, change it
Hackers may try to reuse your exposed password to get into other accounts. Create a different password for each website, especially for your bank account, email and other websites where you save personal information.
Take extra steps to secure your financial accounts
Most breaches only expose emails and passwords, but some do include sensitive financial information. If your bank account or credit card numbers were included in a breach, alert your bank to possible fraud, and monitor statements for charges you don’t recognize.
Get help creating good passwords and keeping them safe.
Password managers like 1Password, LastPass, Dashlane, and Bitwarden generate strong passwords, store them securely, and fill them into websites for you.
Probably haveibeenpwned will also say which service was breached. Without that information it is hard to act efficiently. BTW, Marriott said they would send everyone involved in the breach an email. If it was Mariott and you didn’t receive that, then that is interesting to know.
