These days, data breaches are growing more numerous — and more worrisome. After all, how are you supposed to protect your passwords and login information when they are being stolen from enormous company databases that you have no control over?

If a company you have an online account with has suffered a data breach, it’s possible your email may have been pwned (typically pronounced as “poned”), which means your email and password for that site’s account has been exposed to cybercriminals.

Cybercriminals can use stolen information from these data breaches to target you with phishing emails and other scams.

To continue to protect your online accounts and avoid falling for a scam, it is important to periodically review and be aware of sites where your information may have been exposed.

How to check if your email account or password was pwned

HaveIBeenPwned.com is a website that you can use to test your business and personal email accounts to see if those accounts have been involved in a breach. It is important to check if your information has been compromised especially if you share passwords across multiple accounts (a big no-no). We encourage users to use strong passwords that are unique for each site.

The HaveIBeenPwned site is one of the oldest and most popular. The site works hard to track down breaches, verify them as legitimate, and nab data so you can check it out.

To check if your email account or password was pwned in a data breach follow the steps below:

1. Go to haveibeenpwned.com.
   
   
2. Enter your business or personal email address and click the pwned? button.
   
   
3. Scroll down to the “Breaches you were pwned in” section to review the sites where your information was pwned.
   
   


4. If you actively use the website and password is listed after “Compromised data,” change the password on that website. If the site supports two-factor authentication, set up that additional protection for your account.

What does pwned mean?
Pwned is a slang term derived from the verb own, commonly used as a gloating expression of dominance, control, or victory.

What is a breach?
A data breach occurs when sensitive information has potentially been viewed, stolen or used by an unauthorized individual.

How do I know the HaveIBeenPwned site isn’t just harvesting searched email addresses?
The HaveIBeenPwned site is a free service used throughout the industry for people to determine if their email address or password has been put onto public or dark web credential bulletin boards as a result of a breach. If you used a particular email address and password on a site that has been breached, it’s likely that the address or password will show up on the HaveIBeenPwned site.

What do I do if HaveIBeenPwned site finds a match?
If you find out you have been pwned, please change your passwords (especially for those affected accounts). If the website supports it, proceed to set up two-factor authentication on these external sites as well.

Who can I speak to if I have more questions?
If you received or have responded to a suspicious email and provided your account information, it is critical that you report these types of incidents immediately to us, so we can guide you on appropriate steps to protect your account. Acting quickly will help minimize the risk to your own account as well as protecting your business.