Bitcoin Forum

A data breach occurs from time to time. Even some of the platforms we put so much trust in, can still be breached and data would be stolen. It's that common. If you start receiving random emails/phishing emails, It's a good idea to check if your data including your email has been involved in a breach..

The Wikipedia definition of a data breach


Here are some notable crypto data breaches 👇

• Binance KYC Leak ~ https://www.coindesk.com/binance-kyc-issue
• Bitmex data leak (November 2019) https://cryptobriefing.com/bitmex-user-emails-data-leak-twitter-hack/

While data breaches doesn't have much repercussions, it'll interest you to know that the data stolen can be used for a vast majority of purposes like an identity theft, phishing attacks etc.

How to check if your data has been leaked

STEP 1 : Goto: https://haveibeenpwned.com/

---

STEP 2: Type in your email address in the space provided and click the 'pwned' button  as seen below:

---

https://i.postimg.cc/qB3WsGsY/IMG-20191114-223456.jpg

---

STEP 3: Scroll down and Voila! You should see the website breaches that your email has been linked with. Like this :
https://i.postimg.cc/Y9skvqwW/IMG-20191114-223348.jpg

Turns out there are other tools like  Microsoft has a similar tool for achieving same result (for those feeling less secured while using Ihavebeenpwned) - - Thanks desticy






... And that's all you've to do. If you've any questions, feel free to leave it below or better still, check Pwned's  Frequently Asked Questions (https://haveibeenpwned.com/FAQs)

---

I already tried this I saw my email address is included and I got some warning that my email address have been pawned.
Any advice what to do? Or just change the password of it and continue to use it would be still okay? Because most of my accounts are there and my contacts are there too.

I would advice to make an email only for use the Exchange.
If you use more Exchanges best thing would be to have diffrent emails for it,
so the chances are small that your others Login details and Accounts get leaked or hacked also when there is something again or there is someone hack your email account.
Also use diffrent passwords .

I believe the best thing to do is to change your password and set up 2fa if your email service provider have this feature.
Finding your email on the list of pwned emails doesn't mean that your password was leaked too since most of the hacked websites, from where this list was taken, do not store passwords in plain-text formats but just store their hashes.

However you can expect your Inbox to get flooded with hundreds of spam emails.

How secure is the site privacy wise. Can it be confirmed that the site isn't storing the email addresses input into their system and probably selling them to third parties to be used for email marketing.

I try to avoid reviewing my email to sites that shouldn't have them in the first place just for extra precaution measure most especially as I hate unsolicited email and can't stand seeing them in inbox.

Thank. You can also try the Mozilla browser development site to check your email for leaks [1]. In addition, there is a list of all data leaks that occurred in chronological order [2]. As well as a fairly extensive page of security tips [3].

[1] https://monitor.firefox.com/
[2] https://monitor.firefox.com/breaches
[3] https://monitor.firefox.com/security-tips

Kind of unusual to see for a rank like you having trouble about what to do. Changing login details is always the basic thing to do. Always set-up 2FA too or any other forms of additional security layers.

And even you changed passwords, your email will not be removed there as pawned since it was already pawned on that said website. As long as you maintain and always follow the basic protocols about the security of your belongings, no need to worry about the possible account breached.

As far as I know, Ihavebeenpwned isn't storing email addresses searched for on their website. I got this from their FAQs section 👇.

---

Thank you. I didn't know about Mozilla Monitor service until you mentioned it. I've added it to OP as it serves same purpose and it'll come in handy for users who are concerned about their privacy with Ihavebeenpwned site since Mozilla is a known organization.

Another site that I've used to see if any of my emails or passwords have been leaked is Spycloud (click for direct link) (https://spycloud.com/) which also happens to show the password(s) attached to your email when possible; if you get a long string for the password, it's likely because the password's been hashed and isn't immediately decipherable. The site also doesn't seem to have access to nearly as many databases as HIBP, though, and it's possible you might end up on a spam list from using the service even though they suggest it won't.

You should still be changing your passwords regularly and especially if you know it's been part of a data breach regardless of whether or not it's been hashed or encrypted anyways though, and so I still mainly use HIBP as a result.

It's a good service, I checked my email and found that it was exposed through a Canva data breach.
It is best for everyone to use trusted email for the platforms with a clean device and another for other transactions.
The fact that your account is safe does not mean you are okay, just posting it to the public means anything can happen.

I'm glad to hear you found the guide useful. Like you said, It's always advisable to have multiple emails for each purposes. That way, You'll limit the possibility of your main email getting in a data leak. Security should also be on top of  everyone's priority list when dealing with credentials online. There's no telling what could happen if security is overlooked or ignored.

They can write anything in their FAQ, that doesn't prove anything.
I am a skeptical person by nature and don't believe that someone would provide such service for free.

You may think I am being delusional but here is what I think:
They have a database containing more than 8.500.000.000 email addresses and hashed passwords. Obviously they can't heck them all knowing that most of them are throwaway emails.
By entering your email address there, you are telling them that you care about it and Hence there are high chances that it contains some valuable information.
Also, they provide a service to check if your password was leaked! If you enter your password then they can generate its hash and compare it with other hashes on their database.

I get your point and I understand the point you're trying to drive home. The website did make one thing clear


If you're not comfortable with using IhaveBeenPwned, You can use  Mozilla Monitor  (https://monitor.firefox.com). It's not every website that provides a value for FREE that  is actually bad.

I saw some similar site on the internet which titles "Have your password been pwned?" Some of them might just stored the passwords I think, so everyone should be a little careful while actually entering personal information on sites to check. Don't be pwned while checking whether you've been pwned.  ;D

@nelson4lov, thanks for the link.
Just checked on of my old emails and found it was pwned 5times. The first leak was in 2013  :D

However, I noticed that Mozilla Monitor results are being provided by Have I Been Pwned (https://haveibeenpwned.com/). But what I like about them is that when you subscribe they will notify you when you visit one of the websites that has been breached.

Good guide @nelson4lov
Everyone should check their email for potential leaks, and change passwords.

One more alternative website where you can check then same thing about email leaks:
https://haveibeensold.app/

I know for certain that my email has been shared to the public without my permission (Thanks BitMex ???) But I took certain steps to make sure that doesn't affect me at all, I know they say that no account is too strong to be hacked but the way I secured mine, it's looking a lot like Fort Knox and any hacker who manages to breach it really deserves to get whatever they want because I would be impressed, apart from using a long and complicated password, I urge everyone to use a secures recovery phone number and email and multiple 2FA, make it so complicated that even when you are trying to log into your account, it stresses you.

Bump.

Several breaches, no pastes. Pretty scary that those you think are secure could still succumb to these breaches :/

I will never type a password anywhere on similar website, mail is completely a different kettle of fish. When it comes to login on exchange, it's good to have separate email only for use it there

Every week i get notification in my email about request access in website wallet like Coinbase,Coins.id.
But i don't care with them because i don't have any crypto in there  ;D

After i see this post and check. My email is pwned.

https://i.postimg.cc/BQwf9QyQ/IMG-20191128-190144.jpg

Sorry. These things happen.At least you know why you've been receiving the emails. Now you know, It's important that you do the needful. Since you're already receiving phishing emails, You can go ahead and block the sender. Next, mark the email ✅ as spam. That way, Google will put it in the spam folder next time.

This is really bad advice. Site like this often exist only to get your private data so active email address that you checking.
Better method is to register with new email on every new website. So for example you use:
peter@gmail.com  (as personal email but you want to register on coinbase and gemini exchange)
peter_gemini@gmail.com (create filter to redirect all emails to peter@gmail.com)
peter_coinbase@gmail.com (create filter to redirect all emails to peter@gmail.com)

Then you use one email, but you are 100% sure from which service (email) you start to receive spam.

Bump for visibility.

I imagine there are people who will setup their email password this way:
peter@gmail.com: passphrase A + (@gmail or _gmail or gmail)
peter_gemini@gmail.com: passphrase A + (@gemini or _gemini or gemini)
peter_coinbase@gmail.com: passphrase A + (@coinbase or _coinbase or coinbase)

This is a very terrible method to setup password. The better method is using randomly created passwords.

Agreed. The process is tedious and isn't as secured as he said. A more better approach is to utilize the usefulness of password managers as they put a stop to the use of repetitive passwords across more than one website thus promoting unique passwords.

You've said a lot of good because sometimes we think our email address is safe and then it becomes a data breach and we're the victim That's why I benefited by your post that if we have a problem like this we will benefit a little if we change the password It is good to check different things without it.

It's better to know. Lack of knowledge isn't good. At least once you check and maybe you were pwned in the past, You'll get an idea of where phishing emails are from and then rryto mitigate or control it.

I totally agree. Lack of knowledge won't help anyone keep their assets safe. It could also lead to identity theft which is not good. Well, there is a way to make it safer and the best way to avoid your email breach is to use different emails and different password. Using oassword manager would make it help manage your passwords

bump.

I tried this site and put my mail in it and it is good that I am able to find any breach in my mail and I have now been able to make sure that my mail is safe I hope everyone will try this site

I'm glad to hear you found this thread helpful. I usually check my emails from time to time. Don't want to be caught with my pants down.

---

Update

Google chrome now ships a data breach notification feature out of the box. When you type your credentials into a website, Chrome will now warn you if your username and password have been compromised in a data breach on some site or app. It will suggest that you change them everywhere they were used. You can use this as an alternative to IhaveBeenPwned if you prefer not to enter your email at an unknown website.

How to toggle the feature?
1. Goto Settings
2. Click on Sync & Google services.
3. Scroll down and then toggle feature on / off depending on what you want:
https://i.postimg.cc/wBjFqRP0/IMG-20200807-103705.jpg