“Pwned.” Strange word that you won’t find in an English dictionary, but one that has affected people all over the world. It’s the coined word used to identify a person whose personal information has been breached when a corporate data base is hacked. Gamers recognize it as meaning “utterly defeated.”
We hear about it a lot these days. Large retailers and other companies have been attacked by hackers, compromising the data of millions of customers. Even Equifax, the credit rating company, was not immune. A breach of its data gave fraudsters millions of names to work with. The list of other well-known companies that have lost data has become long. The thieves have a hey day using the personal data for their own purposes.
Are you one of them and how can you find out?
An Australian named Troy Hunt may be able to tell you. He has accumulated some 4.8 billion pieces of hacked data and he uses it to help ordinary people determine if they have had their personal data lifted. His website, Have I Been Pwned?, has been in operation since 2013. It’s free.
Hunt has become a specialist regarding big breaches and has exposed some hack jobs before the victim companies have been aware themselves. He used to be a software architect at Pfizer, the pharmaceutical giant, but quit to work as an independent information security consultant and instructor.
The U.S. Congress recently availed itself of his expertise when he testified before that body, which has become increasingly concerned at the number of their constituents who have been victimized. He had to buy a new suit and tie (and visit a website to find out how to tie the tie.) His usual garb is beachwear or jeans — what the well-dressed Aussie wears while working on the beach.
The problem is serious. So much personal data has been breached that traditional methods for verifying identity, such as user names, passwords and/or knowledge-based questions, have become less reliable.
Hunt’s relentless search for hacked information has put him ahead of the game in several instances. He has made it harder for big companies that have been hacked to hide the fact. Uber, for instance, had failed to publicize a breach that put 57 million bits of information on passengers and drivers into the hands of fraudsters. On the other hand, when he advised Imgur, a photo-sharing corporation, that they had been hacked, they made the information public within a day.
People using his site to determine the status of their information can search Hunt’s website on their email address. Some 1.7 million people also have subscribed to alerts that sound when their data pops up in newly discovered breaches.