In the last post, we spoke about hash and salt. As a continuation of passwords topic, today I want to walk with you through real case examples and check if your password was stolen.

Absolutely sure, not all developers follow principles that we outlined in previous posts. Either they are in a rush or just do not know about them. Unfortunately, that is also related to well-known companies.

First of all, to understand the scale, you may have a look at the impressive list of companies that recently lost their users lists with credentials - World biggest breaches. Did you find the name of the service you use every day?

Secondly, data breaches sometimes become available on the dark web. From these leaks, enthusiasts compiled a web-page, where you can type in your mail and search across all the leaks to find out where, when and what kind of data about you was gone. Interested? Welcome to haveibeenpwned.

Obviously, I would recommend subscribing to either haveibeenpwned, Firefox or another similar service for notifications about when data about you was leaked. And then, if that happens, change a leaked password everywhere, because it is no longer secure. Difficult? Yes. Won't gonna do this?:) Then sit tight and relax.