Last night the news broke that Yahoo had a security breach and 435,000 usernames and passwords had been hacked. Particularly troubling? The login credentials are in plaintext, not even encrypted.
The biggest question users have when this happens: have MY username and password been released?
A number of services can answer that. One is Should I Change My Password, which has two great features that differentiate it from some others.
One is the ability to check anonymously based on email address, which many people have as their username for online services. This is helpful, because you don’t have to enter your password into the service (which you don’t know if you can trust or not) to check if your password has, indeed, been compromised. Secondly, you can sign up to receive notifications in the future if your email address is ever involved in another hacking incident.
Simply go to Should I Change My Password, and enter your email address:
The site automatically checks you against millions of emails and passwords leaking in numerous security breaches.
If your email address is among those that have been hacked and released, this is what you’ll see. (I checked it myself with an old email address that I knew had been previously compromised.)
While investigating the breach and writing my story last night, I personally downloaded a few hundred thousand of the usernames and passwords and tried (unsuccessfully) to log into a number of Yahoo accounts.
This service can give you some confidence that others won’t be trying the same with your private accounts.