Have I Been Pwned - FAQs

This document contains frequently asked questions about the website Have I Been Pwned, which allows users to check if their email address or username has been compromised in a data breach. It explains that the site obtains data from publicly disclosed breaches, does not store passwords, and only returns results for individual searches rather than full lists of breached accounts. The document also addresses questions about how breaches are verified and how user data is stored on the site.


12/10/2016 Have I been pwned? FAQs

FAQs

Need to know something about Have I been pwned? (HIBP)

What is a "breach" and where has the data come from?
A "breach" is an incident where a hacker illegally obtains data from a vulnerable system, usually by exploiting weaknesses in the software. All the data in the site comes from website breaches which have been made publicly available.

Are user passwords stored in this site?
No. The intention of the site is to map email addresses and usernames to data breaches and storing the passwords here would do nothing to achieve that end.

Is a list of everyone's email address or username available?
The public search facility cannot return anything other than the results for a single user provided email address or username at a time. Multiple breached accounts can be retrieved by the domain search feature (/DomainSearch) but only after successfully verifying that the person performing the search is authorised to access assets on the domain.

What about breaches where passwords aren't leaked?
Occasionally, a breach will be added to the system which doesn't include credentials for an online service. This may occur when data about individuals is leaked and it may not include a username and password. However this data still has a privacy impact: it is data that those impacted would not reasonably expect to be publicly released and as such they have a vested interest in having the ability to be notified of this.

How is a breach verified as legitimate?
There are often "breaches" announced by attackers which in turn are exposed as hoaxes. There is a balance between making data searchable early and performing sufficient due diligence to establish the legitimacy of the breach. The following activities are usually performed in order to validate breach legitimacy:

1. Has the impacted service publicly acknowledged the breach?
2. Does the data in the breach turn up in a Google search (i.e. it's just copied from another source)?
3. Is the structure of the data consistent with what you'd expect to see in a breach?
4. Have the attackers provided sufficient evidence to demonstrate the attack vector?
5. Do the attackers have a track record of either reliably releasing breaches or falsifying them?

What is a "paste" and why include it on this site?
A "paste" is information that has been "pasted" to a publicly facing website designed to share content such as Pastebin (http://pastebin.com). These services are favoured by hackers due to the ease of anonymously sharing information and they're frequently the first place a breach appears.
HIBP searches through pastes that are broadcast by the @dumpmon (https://twitter.com/dumpmon) Twitter account and reported as having emails that are a potential indicator of a breach. Finding an email address in a paste does not immediately mean it has been disclosed as the result of a breach. Review the paste and determine if your account has been compromised then take appropriate action such as changing passwords.

My email was reported as appearing in a paste but the paste now can't be found
Pastes are often transient: they appear briefly and are then removed. HIBP usually indexes a new paste within 40 seconds of it appearing and stores the email addresses that appeared in the paste along with some metadata such as the date, title and author (if they exist). The paste itself is not stored and cannot be displayed if it no longer exists at the source.

My email was not found, does that mean I haven't been pwned?
Whilst HIBP is kept up to date with as much data as possible, it contains but a small subset of all the records that have been breached over the years. Many breaches never result in the public release of data and indeed many breaches even go entirely undetected. "Absence of evidence is not evidence of absence" or in other words, just because your email address wasn't found here doesn't mean that it hasn't been compromised in another breach.

How is the data stored?
The breached accounts sit in Windows Azure table storage which contains nothing more than the email address or username and a list of sites it appeared in breaches on. If you're interested in the details, it's all described in Working with 154 million records on Azure Table Storage: the story of "Have I been pwned?" (http://www.troyhunt.com/2013/12/workingwith154millionrecordson.html)

Is anything logged when people search for an account?
Nothing is explicitly logged by the website. The only logging of any kind is via Google Analytics and New Relic (http://newrelic.com) performance monitoring and any diagnostic data implicitly collected if an exception occurs in the system.

Why do I see my username as breached on a service I never signed up to?
When you search for a username that is not an email address, you may see that name appear against breaches of sites you never signed up to. Usually this is simply due to someone else electing to use the same username as you usually do. Even when your username appears very unique, the simple fact that there are several billion internet users worldwide means there's a strong probability that most usernames have been used by other individuals at one time or another.

Does the notification service store email addresses?
Yes, it has to in order to track who to contact should they be caught up in a subsequent data breach. Only the email address, the date they subscribed on and a random token for verification is stored.

How do I know the site isn't just harvesting searched email addresses?
You don't, but it's not. The site is simply intended to be a free service for people to assess risk in relation to their account being caught up in a breach. As with any website, if you're concerned about the intent or security, don't use it.

Is it possible to "deep link" directly to the search for an account?
Sure, you can construct a link so that the search for a particular account happens automatically when it's loaded, just pass the name after the "account" path. Here's an example (/account/[email protected]):

https://haveibeenpwned.com/account/[email protected]

What is a "sensitive breach"?
HIBP enables you to discover if your account was exposed in most of the data breaches by directly searching the system. However, certain breaches are particularly sensitive in that someone's presence in the breach may adversely impact them if others are able to find that they were a member of the site. These breaches are classed as "sensitive" and may not be publicly searched.
A sensitive data breach can only be searched by the verified owner of the email address being searched for. This is done via the notification system (/NotifyMe) which involves sending a verification email to the address with a unique link. When that link is followed, the owner of the address will see all data breaches and pastes they appear in, including the sensitive ones.
There are presently 13 sensitive breaches in the system including Adult FriendFinder, Ashley Madison, BeautifulPeople, Brazzers, Fling, Fridae, Fur Affinity, Mate1.com, Muslim Match, Naughty America, Rosebutt Board, The Fappening and YouPorn.

What is a "retired breach"?
After a security incident which results in the disclosure of account data, the breach may be loaded into HIBP where it then sends notifications to impacted subscribers and becomes searchable. In very rare circumstances, that breach may later be permanently removed from HIBP where it is then classed as a "retired breach".
A retired breach is typically one where the data does not appear in other locations on the web, that is it's not being traded or redistributed. Deleting it from HIBP provides those impacted with assurance that their data can no longer be found in any remaining locations. For more background, read Have I been pwned, opting out, VTech and general privacy things (http://www.troyhunt.com/2016/04/haveibeenpwnedoptingoutvtechand.html).
There is presently 1 retired breach in the system which is VTech.

What is an "unverified" breach?
Some breaches may be flagged as "unverified". In these cases, it may not have been possible to establish the legitimacy of the breach beyond reasonable doubt. Unverified breaches are still included in the system because regardless of their legitimacy, they still contain personal information about individuals who want to understand their exposure on the web. Further background on unverified breaches can be found in the blog post titled Introducing unverified breaches to Have I been pwned (https://www.troyhunt.com/introducingunverifiedbreachestohaveibeenpwned).

It's a bit light on detail here, where can I get more info?
The design and build of this project has been extensively documented on troyhunt.com (http://www.troyhunt.com) under the Have I been pwned? tag (http://www.troyhunt.com/search/label/Have%20I%20been%20pwned%3F). These blog posts explain much of the reasoning behind the various features and how they've been implemented on Microsoft's Windows Azure cloud platform.

A troyhunt.com project (http://www.troyhunt.com)
