In the wake of Australia’s largest data breach, there has been a public outcry over the accountability of organisations that we entrust with our personal data.
The Optus data breach, which has potentially affected more than 11 million Australians, is presently in the spotlight.
However, data breaches are an everyday occurrence on the internet, and we are seldom aware of our personal data changing hands for mere pennies – both legally and illegally!
Being proactive is key to staying on top of your cyber-wellbeing, and ‘Have I Been Pwned (HIBP)’ is a great tool in your arsenal to stay ahead of cybercriminals.
What is 'Have I Been Pwned'?
Have I Been Pwned is a web tool that allows you to search across multiple data breaches to see if your email address or phone number has been compromised.
Simply put, these are the few good guys who trawl the deep corners of the internet for your leaked and stolen information and compile it into a database, creating a service that notifies you when you fall victim to a data breach.
Developed by Australian Troy Hunt, HIBP is a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach.
HIBP repository
Let’s see how it works
Enter your email or phone number in the field.
Subscribe to breach notifications.
Domain based searches for breaches.
Password based search for breaches.
Does it have any info on the Optus hack?
The answer is ‘Not yet’. To avoid any confusion, HIBP has not loaded any of the leaked Optus records into its repositories.
However, HIBP has stated that it will change its position if the entire data set gets leaked.
To date, the alleged Optus hacker has leaked 10,200 records.
However, more than 11 million records have been compromised in the attack, which the attacker is holding for ransom.
Optus has been proactively reaching out to its customers and offering support for those whose records have been leaked.
In a Tweet, HIBP creator Troy Hunt said: “The biggest reason not to load the data though is that the leaked 10.2k records represent only a tiny portion of the total corpus of records. 99.x% of people impacted by the breach would get back "not pwned" (at least not in Optus), and that's misleading and confusing.”
“Of course, if the entire data set ever appears and circulates publicly, that will be a different situation, but the indications at present are that won't happen. Time will tell.”
At this stage, I don't intend to load any Optus data into @haveibeenpwned. Let me explain the reasoning: It looks like Optus has proactively reached out to impacted customers so in terms of answering "Have I Been Pwned?", disclosure and notification has already happened.
— Troy Hunt (@troyhunt) September 27, 2022