Hackers and malware are constantly changing. There’s always a new data breach, and sadly, a sucker is born every minute. Sure, cybersecurity professionals combat these threats every day, but is that enough to keep our private information safe?
Not all hacks are transparent, and antimalware doesn’t help us sleep better at night. If a hacker is sniffing around, you need to know. Check out these websites to find out if you’re under attack.
Have I Been Pwned is one of the oldest, most popular, and best sites in the game. It works hard to track down breaches, verify them as legitimate, and present the data to keep you informed.
The site greets you with a basic search bar and a list of the latest and most significant breaches. Just type in your email address and the site will search the breached data and showcase any red flags. You can also search for more sensitive breaches, but only after verifying your email address.
The site provides an option to deep link straight to a particular account, so you can instantly bring up results for one specific email address — great for repeated searches. If you sign up for email alerts, you’ll be notified as soon as your email address is found in a new breach, allowing you to change your password immediately.
Have I Been Pwned is a simple tool that still allows for some customization as needed. Moreover, it’s evident that site runner Troy Hunt genuinely cares about this sort of white hat work, as well as educating users on the dangers of data breaches.
You can read more about Troy Hunt and his thoughts on the business.
BreachAlarm is an alternative to Have I Been Pwned, giving you another place to check for breaches. Along with its free email-checking service, it also has paid-for notification and protective services.
The $30-per-year subscription is probably more than you need, but if you are looking for a service more oriented toward small businesses or large families, you may prefer BreachAlarm and its highly organized approach to data breaches. There’s also no law against checking multiple hack verification sites just to make sure.
DeHashed works similarly to other options on this list, but where they focus on email addresses, DeHashed does more. Want to see if your name appears in hacked lists? You can. The site presents a search bar with options to search for your username, IP address, name, address, phone number, and more.
This tool isn’t as easy to use as some of the others. Some search results will be censored unless you purchase one of three subscriptions. Pricing ranges from $5.49 for a single week to $180 for a 12-month subscription. These paid plans include real-time asset monitoring, multiple asset monitoring, unlimited asset searches, and 24/7 customer support.
Security Scanner takes a different approach: It allows you to check an entire site for any sign of bugs, blacklisting, security vulnerabilities, and the presence of hackers. It’s an ideal tool for bloggers and online businesses and should be used alongside other sites that check data for emails and usernames.
Sucuri offers a broader suite of security and malware removal services than most, with fees that reach hundreds per year for the professional options. There’s also an option for a WordPress plugin and a Chrome extension for more consistent monitoring.
How do these websites work?
Hack search sites typically work by aggregating data from other sources commonly used to seek hacked data and share it with others. These secondary sources — Pastebin, individual leakers, dark web forums — can be nefarious, which makes it very easy for enterprising hackers to access passwords and login info from data breaches and try them out.
Hack search sites, however, use such data tricks as a force for good, allowing you to peek into the same data breach info and see if your info is there. If it is, you can then change your login data to protect yourself from future trouble.
Unfortunately, there are “security sites” that ironically just want to collect your email and login info for future fraud attempts. Others try tools and features that aren’t well-understood and end up creating even more serious data breaches before abruptly collapsing.
You can read what happened to the once-popular Pwnedlist if you need an example.