It’s not a secret that hackers don’t make victims aware of the fact that they have hacked. And that’s not without reason.
This might sound obvious, but just because everything “seems to be fine” doesn’t mean that’s actually the case.
Hackers penetrate systems and infect them with malware to take full control. The malware created by the hackers is hidden in a system to do the work, and hackers are not all about rushing it. That means that they can come back at any given moment to see if the malware was able to do any damage to a system, and to see what other things they can do to it.
For that reason, you might not realize a hacker is already inside one or more of your devices.
Hackers and their malware are always changing. There’s always a new data breach happening, and sadly, there’s a sucker born every minute. Sure, there are cybersecurity professions that combat these threats every day, but is that enough to keep our private information safe?
Not all hacks are transparent, and antimalware doesn’t help us sleep better at night. If a hacker is sniffing around, you need to know. Check out these websites to find out if you’re under attack.
Have I Been Pwned?
Have I Been Pwned is one of the oldest, most popular, and best sites in the game. The site works hard to track down breaches, verify them as legitimate, and catch data so you can check it out. You can read more about site runner Troy Hunt and his thoughts on the business here.
Once you visit the site, you’ll be greeted with a basic search bar and a list of the latest and most significant breaches. Just type in your email or username, and the site will search the breached data and showcase any red flags. You can also search for more sensitive breaches, but only if you take the time to verify your email address. There’s also an option to deep link straight to a particular account, so you can instantly bring up results for one specific email address if you plan on doing a lot of repeated searches. And if you sign up for email alerts, you’ll be notified as soon as your email address is found in a new breach, allowing you to change your password quickly before any damage can be done.
It’s a simple tool that still allows for some customization as needed. Moreover, it’s evident that Hunt genuinely cares about this sort of white hat work, as well as educating users on the dangers of data breaches.
BreachAlarm is an alternative to Have I Been Pwned, giving you another place to check for breaches. Along with its free email-checking service, it also has paid-for notification and protective services you can take advantage of.
The ones that cost you upwards of $30 a year are probably more than you need, but if you are looking for a service more oriented toward small businesses or large families, you may prefer BreachAlarm and its highly organized approach to data breaches. There’s also no law against checking multiple hack verification sites just to make sure.
DeHashed works similarly to other options on this list, but where they focus on email addresses, DeHashed has everything. Want to see if your name appears in any hacked lists? You can. You could even check to see if your password is on any lists, although we’d caution putting your password into anything but the login form it’s required for — or a password manager.
This tool isn’t as easy to use as some of the others and unless you pay, and some search results will be censored, but it’s comprehensive in ways that the others aren’t, making it a great alternative tool to see if you’re vulnerable.
Sucuri’s Security Scanner takes a different approach — it allows you to check an entire site for any signs of bugs, blacklisting, security vulnerabilities, and the presence of hackers. It’s an ideal tool for bloggers and online businesses, but it should be used in addition to other sites that check emails and usernames, just to be safe.
Sucuri also offers a broader suite of security and malware removal services than most, with fees that reach hundreds per year for the professional options. There’s also an option for a WordPress plugin and a Chrome extension for more consistent monitoring.
How do these websites work?
These hack searchers typically work by aggregating data from other sources commonly used to seek hacked data and share it with others. These secondary sources — Pastebin, individual leakers, dark web forums — can be nefarious, which makes it very easy for enterprising hackers to access passwords and login info from data breaches and try them out. Hack search sites, however, use such data tricks as a force for good, allowing you to peek into the same data breach info and see if your info is there. If it is, you can then change your login data to protect yourself from future trouble.
Unfortunately, there are supposed “security sites” that ironically just want to collect your email and login info for future fraud attempts. Others try tools and features that aren’t well-understood and end up creating even more serious data breaches before abruptly collapsing. You can read what happened to the once-popular Pwnedlist if you need a prime example.