Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

How to spot if your password was stolen in a security breach

1 March 2019 Information Security

By Carey van Vlaanderen, CEO at ESET South Africa.

“Following the revelation that a list of millions of stolen usernames and passwords had appeared online, we share a few different ways to find out if your credentials were stolen in any security breach”, says Carey van Vlaanderen, CEO at ESET South Africa.

In mid-January, researcher Troy Hunt revealed that a list was floating around in the storage space of MEGA cloud as well as in several hacking forums. Going by the name of Collection#1, it contains the largest theft of passwords organised into a list to date, comprising more than 700 million email addresses and more than 20 million passwords.

Once we hear something about this, it is only natural that we might wonder if our own email addresses and/or passwords we use to access our accounts are among them, or if they have been snatched as part of any other infiltration or security breach. Discovering if our credentials have been robbed or not can also give us an idea of whether the passwords we are choosing when we register with a new service, or when we update our password, are sufficiently secure. In this article we will tell you how to find out if your email address or password has been stolen and to check if passwords you are choosing are secure or not.

The first service we are going to look at is Have I Been Pwned. This service allows users to check if their email address has been stolen and included in any of the various lists of email and password information circulating online. Furthermore, their address database is kept up to date and includes the emails and passwords which were stolen recently.

Upon entering the site, the user will be able to view a database of more than 6 billion accounts which have at some point been stolen.

ESET decided to check an email address and saw that unfortunately the address entered had indeed been stolen at some point. Scrolling in the page, they saw more details of the types of services that compromised the email address that was being checked.

The information is sorted by date and by the hacked sites where the information was stolen. For example, there are well-known cases such as the LinkedIn and Taringa data breaches, as well as some of the lists which regularly do the rounds and contain data collated from various websites.

Once we know this, what can they do? It goes without saying that users should change their passwords on the websites mentioned, but it is also very common for people to use the same credentials for more than one website or service, so the user needs to change the stolen passsword on all the websites they use it on, because once their password is in someone else’s hands, we cannot know how many different websites they might try and log into with those credentials.

When it comes to choosing a new password we recommend another very useful tool on the same website. This time, the website tells you how many times the password you enter has been used and subsequently stolen.

Another important thing to keep in mind when choosing a secure password, besides checking if it appears in any database of stolen passwords, is to follow good practices.

Use a combination of alphanumeric characters

• Use special characters

• It should be at least eight characters long (and more than 10 will give you even more security against a brute force attack)

• In addition, consider using two-factor authentication, which adds a second layer of security on top of your chosen password.

But the most important thing is for it to be easy for us to remember, because if racking our brains to think of it results in writing it down on a piece of paper or, even worse, sticking it to the bottom of the monitor – or indeed any of the other myriad solutions we have come across – then all the security measures we have used will prove to be worthless.

For users who use a password manager such as KeePass, which allows you to generate more secure combinations and store them encrypted with the password manager itself, there is the option to compare all the passwords you have in it against a Have I been Pwned database, thanks to a tool published on GitHub.

The application is called kdbxpasswordpwned and it allows you to automatically compare all the passwords you have stored in KeePass versus the database of stolen passwords. The application is aimed at users with above-average technical knowledge.)

And to give one last tip, we should be wary if we receive emails in which the sender tries to extort money out of us on the grounds that they have our passwords. At ESET, the company has seen fake sextortion campaigns are still taking place, in which the recipient is sent an email containing their password in the message (either in the subject line or in the first few lines of body text) and is asked to pay an amount of money.

Remember to change your passwords regularly, even if the applications and services you use don’t ask you to and use two-factor authentication on the services that allow it. By doing so, you can keep your personal data more secure and reduce chances of someone else gaining access to it.





Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

71% of organisations suffered an identity breach
News & Events Information Security
The State of Identity Security 2026 report from Sophos finds human error and poor non-human identity management are the root causes of most attacks, as agentic AI accelerates the risk.

Read more...
Cyber resilience is the real defence
Security Services & Risk Management Information Security Infrastructure
Cyber resilience has evolved into a form of strategic agility, ensuring that when an interruption occurs, the business does not just survive; it snaps back into place before the market even notices a pause.

Read more...
You will not get your files back with VECT
Information Security
If the newbie to the ransomware scene, VECT, comes knocking at your organisation’s door, do not pay the ransom! The decryption keys simply do not exist. They were discarded at the moment of encryption by the malware itself.

Read more...
Industrial sector is a primary cyber target
Information Security
Threats in industrial environments are distributed with striking uniformity: APT-driven incidents constitute 17,8%, malware 14,9% and social engineering 13,9%. This pattern suggests that industrial organisations attract a broad range of adversaries with different capabilities and objectives.

Read more...
Key attributes of an effective cybersecurity leader
BlueVision Information Security
In an evolving technology landscape, an effective cyber leader must combine technical acumen, foresight, and adaptive leadership to mitigate risks, and risks can only be mitigated once accurately identified and remedial processes are in place.

Read more...
Employees are SA’s biggest cyber threat
Security Services & Risk Management Information Security
South Africa experienced a 46% increase in insider cyber risk in 2026, surpassing the global average of 44%. What is more, 63% of South African companies surveyed expect insider-driven data losses to increase.

Read more...
Surge in AI-enabled cybercrime and a 389% increase in ransomware
News & Events Information Security
Cybercrime no longer functions as a series of isolated campaigns; it operates as a system, with malicious hackers operating across an end-to-end life cycle and compressing the attack life cycle with shadow agents.

Read more...
Tackling enterprise security ‘tool sprawl’
NEC XON Information Security
South African ICT solutions provider NEC XON is advocating a shift away from fragmented cybersecurity toolsets towards unified platforms, arguing that ‘tool sprawl’ is undermining the effectiveness of enterprise security operations.

Read more...
SilverFox campaign targeting companies in South Africa
Information Security News & Events
The APT campaign involved disguising malicious files as documents related to tax violations. Upon infection, attackers could gain remote access to affected devices and exfiltrate sensitive organisational data.

Read more...
Q-Day is closer than you think
Information Security
The accelerated 2029 quantum computing deadline turns current encryption into a looming crisis as Google brings its internal post-quantum cryptography migration deadline forward to 2029.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.