Knowledge Base

Last edited by G. Bisares, 5/28/2025

Content Summary

-What is Have I Been Pwned?

-Why It Matters

-How to Use It

-What to Do if Your Information is Compromised

-Tips

What is Have I Been Pwned?

Have I Been Pwned? is a free, trusted website (https://haveibeenpwned.com); to help you check if your email address or password has been exposed in a data breach.

A data breach occurs when personal information, like email addresses or passwords, is stolen from a website or service and potentially shared online. HIBP searches a database of billions of compromised accounts to let you know if your information is at risk.

Why It Matters:

As a faculty or staff member, protecting your university account keeps sensitive data (e.g., student records, research) safe.
Have I Been Pwned? is a quick, reliable tool to stay ahead of cyber threats, complementing our Incident Response Playbook for handling incidents. 

How to Use It:

1. Visit https://haveibeenpwned.com.

2. Enter your email address
   (e.g., yourname@masters.edu) and click “pwned?” to see if it’s been compromised.

3. Sign up for free notifications to get alerts if your email appears in future breaches.

What to Do if Your Information is Compromised:

1. Report to IT: Email servicedesk@masters.edu to report the issue. The IT team will review your report and assist with next steps, including changing your password for the affected account and any accounts using the same password. Use a strong, unique password (e.g., a passphrase like “CoffeeBookPen#2025”).

2. Enable Multi-Factor Authentication (MFA): Add an extra layer of security (e.g., a code sent to your phone) on your university and personal accounts, with guidance from IT via servicedesk@masters.edu

3. Run a Windows Defender Scan: Use Windows Defender to scan your device for malware that might steal passwords or data. Open Windows Defender, select “Virus & threat protection,” and click “Quick scan” or “Full scan” to check for issues.

Tips:

• Use HIBP regularly to monitor your university and personal emails.
  
• Do not use your masters.edu account for personal mailing lists or non-work related logins
  
• Never reuse passwords across accounts.
  
• Contact servicedesk@masters.edu if you suspect a security issue or need help.