Recently Dropbox has been in the news regarding hacked account credentials. Before that, it was LinkedIn with stolen email addresses and password hashes, and also, Snapchat, Tumblr, Adobe, Android Forums, Bell, Comcast, Dominos, Yahoo, and the list goes on.
How does a person know if their login credentials (e.g. email address, password) have been compromised?
There is no foolproof way to know with 100% certainty. However, there is a free online web tool that searches lists of known security breaches and will tell you if your email address is found on any of these known lists of exposed login credentials.
Check your email address here: haveibeenpwned.com
If your email address is found by this tool, it will let you know which site the leak came from (e.g. Dropbox, LinkedIn, whatever), indicating that you should change your password on any such identified sites as soon as possible.
As a bonus, this site also lets you subscribe to be notified if the site ever finds your email address in a future data breach (so you know to change your password on the compromised site).
This tool is by Troy Hunt, an international speaker on web security and the author of many top-rating security courses for web developers. He says of this tool, “it’s a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or ‘pwned’ in a data breach.”