More than 560 million passwords have been leaked: is yours one of them?


Regularly changing your online passwords should be as routine as spring cleaning or a dentist appointment (and just as fun), but many people usually don’t get around to it until it’s too late. You won’t want to make that same mistake this time: According to internet security researchers, more than 560 million passwords have been compromised and posted to an online database. The leaks involve email passwords and login credentials for a number of different online services, all of which have been hacked in the past few years.

The leak was first discovered by Kromtech Security Center earlier in the month, and according to Gizmodo, the claim was backed up by Troy Hunt, creator of the site Have I Been Pwned, which helps people find out whether or not any of their online accounts could have been breached. This leak database is hosted on a cloud-based IP from an unknown user that has been nicknamed “Eddie.”

Using the Have I Been Pwned site, I found a number of places where my main email address has been compromised in a data breach.

  • James Hughes

    “Using the Have I Been Pwned site, I found a number of places where my main email address has been compromised in a data breach.”

    Me too, but since the breaches I have changed my passwords a few times. I also knew about the breaches as soon as it was made public. With being online for so long and having so many email addresses the odds are someone somewhere will pick up one of my email addresses and possibly passwords. I also use unique passwords for all sites which greatly minimizes the risk.

    • Shawnjbrixey


      blockquote>Google is paying 97$ per hour! Work for few hours and have longer with friends & family! !mj319d: On tuesday I got a great new Land Rover Range Rover from having earned $8752 this last four weeks.. Its the most-financialy rewarding I’ve had.. It sounds unbelievable but you wont forgive yourself if you don’t check it !mj319d: ➽➽ ➽➽;➽➽ http://GoogleFinancialJobsCash319HomePointGetPay$97Hour ★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★:::::!mj319d..,.

  • freediverx

    “Regularly changing your online passwords should be as routine as spring cleaning or a dentist appointment”

    This actually goes against recommendations from security experts. The best practice is to use a password manager to create and manage unique and secure passwords for every website and service you use.

    • Mo

      I don’t understand you. Are you saying security experts recommend not changing one’s passwords?

      • I think if you’re using a password manager it becomes both easier and less important to regularly change passwords. But a negative? No. 🙂

        • Mo

          Easier, yes. Less important? The risks of data breaches remain regardless, no?

          • James Hughes

            Agreed, once a passwords known, it’s known, regardless of how unique it is. Personally I like the control of actually knowing my password and how often I change it. About every three months actually. Plus I use topics, things I am interested in etc and mix them up. I’ve never been comfortable with letting that go.

          • I hear you, but here’s a password I just generated in 1Password: KVi6qnKvuPTBTEoBXaFVxrQdLnLYmKZf.

            That’s 32 characters. I usually generate longer ones, but I didn’t want to break word wrapping here. At 32 characters, we’re already into “not guessable” territory. The only way one of my passwords will get out is if a service’s back end is hacked. And since they’re all unique, that’s not really a problem.

            A lot of problems get reduces drastically by cranking up entropy another few decimal places.

          • Sure, but if I use a unique password per site, all changing the password does is bet that they already have the data for that site but haven’t used it yet.

            It’s a pretty slim bet.

          • Mo

            Seems like a relatively small amount of work to escape that possibility, especially with a password manager.

          • Yes, except if you’re really using unique passwords per site then all changing it does is bet that it’s already been compromised, but is now re-secured.

            Sure, it’s bound to pay off eventually, but sheesh. Even finding the change password button in every web app can be a PITA.

    • drx1

      Or maybe use pass phrases … only a few dozen characters long.