Have I Been Pwned(HIBP)?

PartOne: Explore the HIBP Website

How long has it been since you last heard of a data breach in the news or were perhaps notified that your account had been impacted? Security Magazine reported that in 2021 more than 4,145 publicly disclosed data breaches with 22 billion records exposed occurred. Other reporting indicates the top country for data breaches in the world is the U.S., with over 212 million users (63% of the population) affected (Surfshark, 2022). With data breaches so prevalent and the U.S. subject to the most data breaches of any country, how can the average person become better informed?

Troy Hunt, a noted security researcher, runs the website “Have I Been Pwned?” (HIBP) (pwned as a variant of “owned” CYB 4301, Cybersecurity and Crime 2 meaning taken over, loss of control, utterly defeated, etc.) to help people learn about breaches, determine if emails and domain names have been found in data breaches, and other useful services.

In part one of this assignment, you will explore the HIBP website, and perform a self-assessment of your digital footprint.

1. Go to the website Have I Been Pwned?. (
Have I Been Pwned: Check if your email has been compromised in a data breach)

2. Explore the tabs across the top of the site (e.g., Notify me, Domain Search, Who’s Been Pwned, Passwords)

3. Enter an email address or a phone number you own into the “pwned?” field on the home tab (please do not use someone else’s email address nor the email of your employer) and click “pwned?”

4. Scroll down the page to the “Breaches you were pwned in,” and review the results. Note: If your submission comes back without results, try an alternate address or talk to your instructor.

5. Click on the “Notify Me” tab at the top of the page. Review the options available to you.

6. Click on the “Domain Search” tab at the top of the page. If you own a personal domain you can enter the information and obtain actual results, but it is not required. Alternatively, review the Blog Post. (
Troy Hunt: I’m pwned, you’re pwned, we’re all pwned – introducing domain wide searches)

7. Click on the “Who’s Been Pwned” tab at the top of the page. Choose one of the organizations listed that you have an account with, have done business with, or visited their website.

8. Click on the “Passwords” tab at the top of the page . Choose one of the Top 25 passwords from the NordPass website(Top 200 Most Common Passwords List | NordPass) and submit using the “pwned?” button.

9. Click through the various sub-menus under the “About” tab at the top of the page.

Part Two:Report Your Findings

You will need the Unit III Part 2: Report Your Findings worksheet to record your findings.

1. What is meant by the word “Pwned” in the HIPB website title?

2. Choose one of the “Largest Breaches” listed on the Home tab. What was breached (e.g., consumer financial information, information belonging to children, or information within educational records)? How many records were involved? What was the root cause?

3. Without divulging your personal email account, provide a summary of the results. Ensure you include the top three breaches. What breach surprised you and why?

4. If you entered a domain you own into the “Domain Search” tab, without disclosing the domain name, provide a synopsis of the results. If you do not own a domain name, provide one or two of the most important points you discovered by reading Troy Hunt’s blog post.

5. What did you find out about the organization you investigated on the “Who’s Been Pwned” tab? What did you find interesting? Will you continue to do maintain your personal account with the organization? Why, or why not?

6. What password did you choose from the NordPass list? What results were returned? Are you surprised by the time to crack the password or the frequency count of the password you chose? What is the significance of this research?

7. Summarize what you learned about your own digital footprint. What surprised you about you learned from the HIPB website? What are the implications of entering sensitive data into the HIPB website?

8. Based on what you have learned from the HIPB website, what business challenges are associated with safeguarding sensitive information? What statutory versus regulatory concerns exist in safeguarding sensitive information?

Deliverables

Upon completion of the worksheet, you are required to provide the following deliverable to your instructor:

· Unit III, Part 2 Worksheet Template (.docx)

Once you have completed the worksheet, submit (upload) the completed MS Word document