- NIST recommends that you register your email(s) at the site called haveibeenpwned? to be notified if your credentials are ever released during any known breaches. This site is a database of all known credential and personal information breaches.
- What does pwned mean? The word “pwned” has origins in video game culture and is a leetspeak derivation of the word “owned”, due to the proximity of the “o” and “p” keys. It’s typically used to imply that someone has been controlled or compromised, for example “I was pwned in the Adobe data breach”.
- For example, if Canva had a breach and it exposed your name, email address, and/or password, this site would tell you if your email was a part of that breach as well as the date of the breach and the type of personal data that was exposed.
Instructions to Register and Interpret Results (Or Video Below)
- Go to the haveibeenpwned? site.
- Click on Notify Me
- Type in your email address, and tick Not a robot. Click notify me of pwnage.
- Check email, click on the Verification link.
- “Verification is complete” message will show. Get your results displayed and be informed of any new pwnage in the future.
- Be wary of suspicious emails based on which elements of your personal information has been breached. Make changes to passwords based on when your password was last compromised. You can decide whether you need to take action based on the date of your last password change and how many other systems you use this password in (which is not recommended).
- Repeat for any other email addresses you use.
More Information
- Please follow the guidance on our password page at NIST.
- Go here if you need to change your NIST password.
- Use a password manager such as 1Password.
- Click here for more information about Data Protection at NIST.