Have I been pwned?

Also, be careful of where you're putting in personal information in the first place.
Don't just believe your personal information is going to be locked up in a vault some place that will never get jarred open. That is a common fallacy. Your data is stored on a server somewhere. A server is simply a specialised version of a particular OS that in many cases is a computer just like any other. It's not a bomb proof vault. Anyone can run a server. But it takes a very skilled and talented team of highly qualified professionals to run and maintain a server that has millions and millions of users and interactions daily. This simple difference is often the difference between a website getting compromised or not.

As a rule of thumb keep personal information that can be used to identify you to an absolute minimum and only unless absolutely required. That goes for any website. Decent exceptions are places like Amazon for example that have a very strong reputation for customer data protection. Others include Google as well. Although with these sites even though they are safe from attack that doesn't mean the very sites themselves won't use that data for their agendas.

You should just be careful anyway, whether breached or not.

So many to thank .... please take it that I have read and digested your contribution.
Since starting the OP I have discovered the following: -

Zynga: In September 2019, game developer Zynga (the creator of Words with Friends) suffered a data breach. The incident exposed 173M unique email addresses alongside usernames and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by dehashed.com.
Compromised data: Email addresses, Passwords, Phone numbers, Usernames

Interestingly I have never been to this website.
Amid 173m unique email addresses with usernames I don't feel so bad and nothing has phished my since Sept 2019
I keep my browser (FFox) clean with CCleaner.

It took a while to get there but now I am and am grateful to you all for the lessons learned.


Now I will change passwords.

You'll be surprised how many websites will have your details.
And I don't want to disappoint you but CCleaner won't protect you. CCleaner is a privacy tool. Privacy and security are two different things. Getting hacked is a security problem. Getting your data into the wrong hands through a breach is often a privacy problem. You can't wipe away the possibility of a site getting hacked with CCleaner. You can wipe your drive a million times and it still won't make a difference whether ABCwebsite.com (for example) has secured their server and patched known vulnerabilities, for example.

You can do very little to protect websites from getting hacked, and this is what the main concern was if I'm correct. The website in question was created to announce breaches of websites where huge troves of data was stolen ie the website got hacked. When you're referring to a website a website is just a bunch of files (pages) hosted on a server somewhere. A website address is actually just an IP address disguised as something more user friendly and understandable to humans which is communicated to your computer through DNS resolution. In reality this website you are using now, Tenforums, is really just an IP address that relates to a server you are connected to. You connect to it, you make requests, the requests are either accepted or denied, the server offers resources depending on lots of things like permissions etc. You get what you want and you leave. When a website gets hacked a server gets hacked. A physical computer owned by somebody somewhere was broken into. You cannot control that.

It's often a mysterious area of interest that most people often relate to idealistic fantasy. We mention the cloud for example. The cloud doesn't exist. There's no cloud. The cloud is the internet. The internet is simply a HUGE network of computers communicating to each other through a protocol they all recognise (TCP/IP). Nothing more. When you realize these things you can become more realistic in your approach to dealing with things. Things are no longer shrouded in obscurity and/or myth and you understand your responsible compared to the responsibility of web admins.

In this way, you can then be relieved of any duty you believe you have in 'protecting' things. You can only protect yourself. Leave the websites down to the admins. If they don't know the difference between chown and chmod then you've got a problem. If they haven't patched and updated their version of ssh or apache or cpanel or something that's their issue. It sucks your data then gets leaked but in terms of what you can do, you can very little.

Other than...
Changing your passwords. Again, coming back to security it would depend on your threat model. If you're a chief exec whose had valuable information stolen that could compromise the company you look for then you're going to want to do a lot more than changing passwords. You might want to rethink your entire security posture and get some experts in to red team the infrastructure before the bad guys turn up and then hopefully fix the leaks. If you're just like the average guy, like me, like everyone else (probably) changing your passwords is more than enough. Again, your data could get leaked and it doesn't matter if your password is 10 characters or 50. If the passwords have been cracked and they were not hashed and salted then you've got a serious issue ie stored in plain text. If they have then it becomes a harder process of cracking them but not impossible. Again, very little you can do.

You'll be surprised to learn that most peoples passwords are actually on word lists and ready instantly in dictionary/word list attacks. You can download word lists for yourself and you'll find that if you really went through lots of email address you'll find those words in the list unlock most email accounts WITHOUT hacking into a server and obtaining password dumps.

It's one of those things where the chance of attack is always higher than the chance of defense. That's just how things have worked for a long time. And as a user, a customer etc you can't do much but sit back and put faith in the websites you visit and hope they store your data safely.

Hi Porthos,
no, I don't belong to any social media at all.