The best way is to find out if your security has been compromised as soon as possible so you can take personal action, which is where data breach detection websites come into play. These sites allow you to securely search through the latest hacked data to see if any of your sensitive information is at risk. We’ve rounded up four of the best for you to use based on your security needs, so let’s dive in.
HAVE I BEEN PWNED?
Have I Been Pwned is one of the oldest, most popular, and best sites in the game. The site works hard to track down breaches, verify them as legitimate, and nab data so you can check it out. You can read more about site runner Troy Hunt and his thoughts on the business here.
Once you log onto the site, you’ll be greeted with a basic search bar and a list of the latest and largest breaches. Just type in your email or username, and the site will search the breached data and showcase any red flags. You can also search more sensitive breaches, but only if you take the time to verify your email address. There’s also an option to deep link straight to a particular account, so you can instantly bring up results for one particular email address if you plan on doing a lot of repeated searches.
It’s a simple tool that still allows for some customization as needed. Moreover, it’s obvious that Hunt really cares about this sort of white hat work, as well as educating users on the dangers of data breaches.
BreachAlarm has been set up, perhaps a little too obviously, as a competitor to Have I Been Pwned. But that doesn’t make this site a poor choice. Along with its free email checking service, it also has paid-for notification and protective services you can take advantage of.
The ones that cost you upwards of $30 a year are probably more than you need, but if you are looking for a service more oriented toward small businesses or large families, you may prefer BreachAlarm and it’s highly organized approach to data breaches. There’s also no law against checking multiple hack verification sites just to make sure!
DeHashed works in a similar manner to other options on this list, but where they focus on email addresses, DeHashed has everything. Want to see if your name appears in any hacked lists? You can. You could even check to see if your password is on any lists, although we’d caution putting your password into anything but the login form it’s required for — or a password manager.
This tool isn’t as easy to use as some of the others and unless you pay, some search results will be censored, but it’s comprehensive in ways that the others aren’t, making it a great alternative tool to see if you’re vulnerable.
SUCURI SECURITY SCANNER
Sucuri’s Security Scanner takes a different approach — it allows you to check an entire site for any signs of bugs, blacklisting, security vulnerabilities, and the presence of hackers. It’s an ideal tool for bloggers and online businesses, but it should be used in addition to other sites that check emails and usernames, just to be safe.
Sucuri also offers a broader suite of security and malware removal services than most, with fees that reach hundreds per year for the professional options. There’s also an option for a WordPress plugin and a Chrome extension for more consistent monitoring.
How do these websites work?
These hack searchers typically work by aggregating data from other sources commonly used to seek hacked data and share it with others. These secondary sources — Pastebin, individual leakers, dark web forums — can be nefarious, which makes it very easy for enterprising hackers to access passwords and login info from data breaches and try them out. Hack search sites, however, use such data tricks as a force for good, allowing you to peek into the same data breach info and see if your own info is there. If it is, you can then change your login data to protect yourself from future trouble.
Unfortunately, there are supposed “security sites” that ironically just want to collect your email and login info for future fraud attempts. Others try tools and features that aren’t well-understood and end up creating even more serious data breaches before abruptly collapsing. You can read what happened to the once-popular Pwnedlist, if you’re in need of a prime example.