Wait! What is HIPB? HIBP is short for Have I Been Pwned. What does pwned mean? Pwned is just a geeky way to write “owned”. The Have I Been Pwned website, run by Troy Hunt, a security researcher, allows anyone to check to see if their email address, phone number and/or other information has been exposed in a data breach. While this service is useful, a few quick tips on how to use it are probably helpful.
- You can reach the site at https://haveibeenpwned.com
- Enter your email address or phone number into the large search box, then click “pwned?”
- The site will return a page listing all the breaches containing that email address or phone number, along with an explanation of what happened, what was exposed, and when the breach occurred.
- Once you see the list, DON’T PANIC!!!
- Read the description for each breach carefully. If you don’t understand the implications, please contact the Office of Information Security using the information below and we will be happy to confidentially discuss your situation.
- You can sign up to be notified when your email address or phone number appears in a data breach. Click “Notify me” in the menu at the top of the web page and enter your information. You will need to confirm you are the account or number owner by replying to a confirmation email or text.
- If you put your Berry email address into the search box and it displays a lot of breaches, be sure to double check the dates. It is possible for a Berry faculty or staff email to be “recycled”. For example, if an employee named Jonathan Doe worked at Berry, with the email address of email@example.com, then he left and later a James Doe is employed by the college, he most likely will receive the same email address Jonathan Doe once had – firstname.lastname@example.org. If there is breach information in HIPB for email@example.com from 2014 and James Doe didn’t start until 2016, then that exposed information is not relevant to James.
- Understand that the HIBP site only has access to data that has been either found “in the wild” or submitted by someone else. If a company experiences a breach and the data is not found or submitted, that does NOT mean it cannot be used against you. Companies that experience a breach have a moral, if not always legal, responsibility to disclose that fact to their constituents.
I hope this helps you navigate the HIBP page more effectively. As always, if you still have questions, or need to discuss a specific breach, please contact Information Security by emailing firstname.lastname@example.org or by calling extension 1750, or 706-236-1750.