Internet privacy and security course
Aa font
AA font size
About translation
Previous Next

Chapter 77

Check if your data has been leaked

Data leaks and identity theft

Though the data breach issue is related to identity theft, to be precise, data leak is part of identity theft. However, these two aren’t identical. If hackers broke the forum you had an account with, this is considered a data breach, not identity theft since your account isn’t directly linked to your identity.

 But if those hackers accessed your account on a dating website with your photos or copies of your passport and used your data for illegal purposes, for instance, to get an online loan or registered an account to your data – you’ve become a victim of identity theft.

To find out if your data has been leaked, use the tips for checking if your personal data have been stolen. We have a separate chapter that focuses on this issue in detail.

The methods of checking your data for security breaches

Using data breach aggregation services

There are websites that collect the information whether your data has been made public in known data breaches and allow users to check if their emails are found on these lists.

 I recommend you use the largest and most popular data breach aggregation service - Have I Been Pwned. First, it has the biggest database, second, it doesn’t expose your passwords or sell your data. As you progress through this chapter, you will learn that not all services are as respectful to your data as Have I Been Pwned.  

have I been pwned

These websites work on the same principle: you enter your email or login, and the breach notification website checks if its data leak database contains it. You need to remember all your emails if the current email you are using for registrations on websites differs from the one you used a year or two ago.

If you want to see how the information about publicized data breaches looks like, enter in the search bar of the service.


Remember and check your emails using a data leak aggregation service.

Be aware that in compliance with the privacy policy, the Have I Been Pwned service collects all the data you enter in the search form, the information about your browser and IP address. All this data is stored on Microsoft servers in the U.S. indefinitely.

Checking known data breaches

Even the largest data leak aggregation services have a downside to them. Unfortunately, not all hacked data is made public and therefore added in hacked account databases. We know that between 2013 and 2015 Yahoo had a data breach of all accounts that belonged to its users, but most likely, when checking a Yahoo account, the service won’t find a data breach since the data wasn’t made public and didn’t get enlisted in the databases of aggregation services.

The advantage of similar lists of compromised accounts is their convenience, but a quality check requires you to go through the list of resources that have had a security breach and remember if you had an account with them. This may take a lengthy amount of time, but this is important if you want to check your data for data breaches.