What does ‘pwned’ mean?
Pwned, in this context, simply means that your account has been the victim of a data breach.
The word itself takes its name from player-to-player messaging in online computer gaming. When one player is defeated, another might type out a message to say… “You’ve been pwned”.
This was so frequently misspelled as “pwned”, the word itself took off.
What is Have I Been Pwned?
The best-known site for checking if your email address, or any account associated with it, has been hacked, is called Have I Been Pwned.
Here, you can enter your email address (safely) and the site will check it against multiple data breach records. If your account details were included in one of those breaches, you’ll be told the bad news that you’ve been ‘pwned’.
To find out if your email address has been affected by a data breach, head to the Have I Been Pwned website. You’ll need to enter your email address here – don’t worry, there’s no security threat to doing so, and you’ll never be asked to enter a password or other personal data.
What should I do if my account has been pwned?
There are strict obligations on companies to report data breaches promptly. These reports, plus analysis of hacked data that’s been made available online, and the work of “white hat” (good guys) hackers, means there are resources to help you find out if any of your accounts have been compromised in a data hack.
If your email address has been compromised in a data breach, it’s a smart move to change your login password for your email address, and for the service which was affected by the breach. Even if your email account itself hasn’t been the victim of a data breach, there’s a security risk if another account that you log into with the same password has been affected.
Data leaks happen – it’s one of the unfortunate side effects of the modern, internet-connected world. And often, these have nothing to do with you, the user, being irresponsible. Companies can suffer embarrassing data breaches – either through having their servers hacked, human error, or staff misconduct.
Ideally, you should never use the same passwords across multiple websites. It can, admittedly, be a pain to remember multiple logins. If nothing else, you should always have a unique password for logging into your email account – don’t use this same password on any other service.
When creating a strong password, use a mix of upper and lower case letters, numbers, and symbols.
As you walk through the Valley of the Shadow of the World Wide Web, look out for your Shadow through its looking glass.