At the end of March, the news came that the hacker d0gberry would put a database of leaked passwords online. The database has been online since yesterday afternoon and contains the passwords of at least 3.3 million Dutch people. Wondering if your password is in the database?
You can find the database on the website gotcha.pw. At the top of the screen you will see a search bar, with a short description below it of what the search engine shows. It explains that the database contains more than 1.4 billion accounts and that you can use the search engine to see whether your username and password have been leaked.
Database of passwords
In the search bar you can enter an email address as a search term. You are then shown the first 3 characters of the username and the first 2 characters of your password. It can be confronting, but that way you know right away whether your current password is in the database of leaked accounts. It is also possible to enter domain names to see whether certain authorities have ever been the victim of a data breach. For searches with many results, the first 500 results are listed in alphabetical order.
The moment the first 2 characters of your current password appear next to an account that seems very familiar to you, you know it's high time to change your password. It also shows how important it is to use different passwords for your accounts. Otherwise, a single password is enough for someone with bad intentions to gain access to multiple accounts. If you use many passwords, especially difficult ones, a password manager can be useful.
The search engine is very reminiscent of the Have I Been Pwned? tool. On that website, too, you can enter an email address to see whether the account was part of a data breach. An advantage of this tool is that you can see whether it is, for example, your Tumblr or Adobe account. This way you know right away which password you have to change.
Extra safe
If your password has been cracked, the chance that a hacker can do something with it is a lot smaller if you have set up two-step authentication on your accounts. Once the function is activated, you must first give permission for every login attempt on a new device. You do this with a device on which you are already logged in. Don't forget to change your passwords every few months!