Who has your password?

Your favorite password may already be in a hacker's database.

Take a minute now to see if your favorite password has been hacked. Visit:

haveibeenpwned.com

That site lets you check whether your email address is among the almost two billion accounts whose passwords have been breached and shared with hackers.

Mine was. My account was included in the LinkedIn Password Breach that was leaked earlier this year. Here are some of the other breached services where your password may have been leaked:

  • MySpace
  • Adobe
  • DropBox
  • Tumblr
  • SnapChat
  • Domino's Pizza
  • Comcast
  • Yahoo!

I checked some other accounts. Apparently I once had a MySpace account. I have forgotten all about it, but the hackers haven't. Two former employees had their DropBox and Adobe passwords exposed. My daughter's NeoPets password was leaked.

You may think, who cares about your old MySpace account? But that's not the point.

The point is, every other account where you've used that MySpace password is now wide open.

Because people re-use passwords all the time. Even smart people, like Mark Zuckerberg. His LinkedIn password was exposed in a breach, and hackers used that same password to break into his Twitter account.

If you or your staff are re-using passwords, you may be putting your data at risk. A policy to prohibit password and username re-use is one of the most common recommendations we make in HIPAA risk assessments

Does your organization have a documented password policy to mitigate the risk of password recycling?