Security researcher Troy Hunt has updated his valuable Have I Been Pwned free data breach notification service with as many as 71 million email addresses linked to hacked accounts.
The hijacked details were leaked online as part of the Naz.API dataset, which is a collection of over one billion user credentials stolen in previous data breaches and by malware tools.
Hunt said that the dataset was made available to him by a big name tech firm, after which he was able to add it to his database. The good news is this means you can now check if any of your compromised information was made public in the massive Naz.API data dump.
What is the Naz.API Dataset and Why Should You Care?
The Naz.API dataset is a collection of over a billion user details stolen by cybercriminals in previous data breaches and malware campaigns.
It’s particularly worrying because it contains countless login and password pairs that can be used in “credential stuffing” attacks, whereby previously hacked details are used to gain access to new accounts.
🔎 Want to browse the web privately? 🌎 Or appear as if you're in another country?
Get a huge 86% off Surfshark with this special tech.co offer.
Of course, you needn’t really worry about credential stuffing attacks affecting you if you use unique passwords on all your accounts. This is one of the main reasons we recommend password managers so highly, as they make the process easy.
How to Check if Your Email Address Leaked in the Naz.API Dump
To check if your email address is linked to the Naz.API dataset, all you need to do is go to the Have I Been Pwned website as mentioned above.
There, you simply enter the email address (or addresses) you want to scan for association with known data breaches and leaks. You can even use its notification service to warn you if you’ve been compromised in the future.
The service has been around for over 10 years and was set up in the wake of the massive Adobe hack in 2023. Here’s a little more about it, so you know you can trust it.
Image credit: Troy Hunt via Bleeping Computer
What is Have I Been Pwned and Is It Reliable?
Have I Been Pwned is a long-standing data breach checking service. “Pwned” is old school gamer slang for “owned” and is therefore associated with being compromised online.
Its purpose is simple: to let you know if you’ve been hacked and your details compromised, so you change them in good time on other accounts. Essentially, it’s a massive database of hacked credentials, so when you put in your email address, a few seconds later it tells you if that account is linked to any known data breaches, dumps or other leaks.
It was set up by infosec veteran Troy Hunt, who’s also a regional director at Microsoft, as a way to help fight back against the inevitability that people re-use passwords across multiple accounts – or use weak, easily hackable passwords to begin.
We all do it, even though we know we shouldn’t, but with Have I Been Pwned at least you get a heads up so you can try and remedy things before it’s too late. You can also test your password strength for free, to see how vulnerable you may be to bad actors.
