top of page
Search

I KNOW YOUR PASSWORD!

Updated: Mar 1, 2022

This blog is about the data breach that occurs when a company database got compromised and the email id and password for users are compromised in that breach.


THIS IS THE FIRST THING I DO WHEN I SOCIAL ENGINEER A PERSON.


How do hackers react when they got your password served on a plate?

LIKE THIS.....















WELL, AT LEAST YOUR BEST FRIEND WILL REACT LIKE THIS IF HE/SHE GOT YOUR PASSWORD.


So how to know that our data is not breached or if it is "HOW DO I KNOW?"


HERE THE ANSWER----

Here is a website called haveibeenpwned.com


This contains the data breached record and if your email id is registered on any of these sites whose data is breached it will alert you.


Just follow these steps


GOOGLE - PWED


THEN GO TO THE SITE https://haveibeenpwned.com/




AFTER THIS ENTER YOUR EMAIL ID ON THE WEBSITE


You can also scroll down and see recently added data breach records.



And now click PWNED?



As you can see this email password is compromised in two data breaches.


You can also trigger NOTIFY ME to get a notification when your data is compromised.


You can search your PASSWORD for the same.





WELL, THIS SHOWED YOU THE DATA BREACH RECORDS BUT WHERE ARE THE PASSWORDS?

DO I LIE TO YOU....










To know the password you need to connect to the dark web(onion service)

Because Breach Data cannot be shown openly


Website To Connect - PWDDB


Here is the dark web/onion link - http://pwndb2am4tzkvold.onion/


You can find many Proxy of this website on google but don't go to those websites.

They are just proxies and can abuse your data.

You can try it if you want..












I am using the tor version of the website in this blog.

This is what this Website looks like.




Enter your email in the given format.




You can use "=" for exact match and "like" for somewhat like this sting

And search



As you can see I found a plain text password.

Sometimes you can also get the hash password all you have to do is find the hashing algorithm and decrypt the cipher to plain text

There are many tools available online.


NOW HOW TO PREVENT FROM THESE















USE RANDOMIZED PASSWORDS LIKE THIS --



USE A PASSWORD MANAGER TO MANAGE THESE PASSWORDS -

MY RECOMMENDATION - USE LastPass it's FREE AND EASY TO USE.


Also, you can use FIREFOX Extention called FIREFOX MONITOR.

As you can see this site also works the same way and check the box for regular updates.


WELL THAT'S ALL FOR THIS BLOG

HOPE YOU ENJOYED IT.

 
 
 

Comments

bottom of page