If you are one of the 1.5 billion Gmail users worldwide, you’ve probably already received security warnings about access to your account on other devices. You may have ignored these warnings because you knew that it was you accessing the account. But Google is right to be wary. Out of all the credential leaks on the web that we’ve detected, at least 1 billion of them were from gmail.com.
A credential is an email with a password or hash (encrypted password), which doesn’t necessarily enable access to the email service provider. An email—as well as a password—may be used as a login on more than one service. That leads cybercriminals to test the credentials and capture the accounts of those who reuse the same access data.
In order to address the huge data leakage problem, Axur has just relaunched MyPwd, a portal where you can discover if your password has already been leaked. Just enter your email and you’ll get a list of any passwords that have been exposed. The database has now reached nine billion credentials.
How to find out if your password has been leaked
MyPwd.com was created in order to provide much-needed access to the flood of detections our thousands of bots collect daily as they scour the surface web and the deep and dark web. We have made it available to the business sector as well as the end consumer.
According to the Ponemon Institute report, 51% of users find it difficult to manage their passwords. This indicates a lack of absolute control over their data protection. In these times of such widespread digitalization, that statistic is extremely worrisome.
Know that frauds surrounding credential harvesting are on the rise. Phishing attacks and fake pages designed to steal data have become increasingly common worldwide in recent months.
And therein lies the importance of monitoring with a tool like MyPwd.com. Our database also includes micro leakages, including up to 50,000 credentials that are exposed daily from a wide variety of locations.
New email alerts are shot off when we detect a new leak associated with your email address. These notifications carry important instructions: the leaked password must be changed to avoid financial loss and even identity theft.
Isn’t ‘Have I Been Pwned’ the same thing?
Though MyPwd.com has some similarities to the Australian service, there are a few features that differentiate the two solutions. Only MyPwd.com offers:
- Monitoring of the deep and dark web
- Information regarding which password was leaked
- Access in English, Spanish and Portuguese
- Nine billion items of data (‘Have I Been Pwned’ has an estimated 8.4 billion “pwned acounts”)
Protecting data is the company’s responsibility
From the scandals involving Mark Zuckerberg to the emergence of Europe’s General Data Protection Regulation (GDPR) and a host of similar legislation worldwide, the value of data has become indisputable.
MyPwd.com will serve you as a valuable business assistant. The warnings will enable you to see how many credentials from your corporate domain are present in the database.
If you prefer to have extra protection for your corporate domain, we recommend Hashcast. This tool sends real time alerts regarding how many and which credentials have been leaked from your domain, so that you can prevent others from getting the key to the location and critical information that only your company should have.
A journalist working as Content Creator at Axur, in charge of Deep Space and press activities. I have also analyzed lots of data and frauds here as a Brand Protection team member. Summing up: working with technology, information and knowledge together is one of my biggest passions!