Inquiring Minds Want to Know: Have I Been Pwnd?
The term "to be pwnd" comes from the online gaming culture. (There's an oxymoron for you.)
“'Pwn' is a lot like the sense of 'own,' which means ‘to have
power or mastery over (someone),’” the Merriam-Webster dictionary
explains. “It has also been used to describe the act of gaining illegal
access to something.”
That secondary definition stems from the
hacker and programming community that have used the word to describe
obtaining unauthorized control of someone else’s computer. It’s a word
steeped in internet history, but its origins predate the web and were
largely based on misunderstandings and typos that were then adopted as
an idiom.
So if your online credentials are available for sale or rent on the dark web you have been "pwnd." See links. I don't make this stuff up.
The best explanation of the how, why, and by whom did Have I Been Pwnd comes from its creator itself. HIBP is the brainchild of:
I'm Troy Hunt, a Microsoft
Regional Director and Most
Valuable Professional awardee for Developer
Security, blogger at troyhunt.com,
international speaker on web security and the
author of many top-rating security courses for web developers on
Pluralsight.
I created HIBP as a free resource for anyone to
quickly assess if they may have been put at risk due to an online
account of theirs having been compromised or "pwned" in a data breach. I
wanted to keep it dead simple to use and entirely free so that it could
be of maximum benefit to the community.
Short of the odd donation,
all costs for building, running and keeping the service currently come
directly out of my own pocket. Fortunately, today's modern cloud
services like Microsoft Azure make it possible to do this without
breaking the bank!
ED. Links are from the original website. I changed the destination of
the hyperlinks so each would open in its own window.
So Have I Been Pwnd?
When you go to the website at
https://haveibeenpwned.com/ you are greeted with a
very large search box where you can type in an email address or password
to see if those particular credentials have been included in one of an
endless streams of data dumps. Let's see if the email address used
to give notice of new Dispatches has been pwnd.
PTL!!! NO Pwnage!!
Now let's see about that other email address of questionable heritage.
GREAT CEASAR'S GHOST I'VE BEEN PWND!!!!
Furthermore, not only will HIBP inform you if your email address has been found in a one or more trove of stolen data, HIBP will also list in which trove or troves your pwnd data was found.
All 3 of the data breaches listed above were well publicized data dumps.
Fortunately, and NOT DOCUMENTED here for obvious reasons, none of the
critical passwords associated with this email address were found in
subsequent searches.
So Kiddies, here's one you can
safely try at home. Go to
HaveIBeenPwnd and take the test. But
be sure and ask Mom or Dad first.
And how do I feel about that email address being pwnd?
¯\_(ツ)_/¯
Gerald Reiff