[SOLVED] Have I been pwned? Which passwords?

[CMayo]

The haveibeenpwned dot com site will tell me if my email address or phone number was included in a data breach, but doesn't seem to tell me which of my past passwords have been compromised. I've had my address for 20 years and have used multiple passwords in multiple places... is there a way to easily find out which passwords have been exposed?

The site also has a password search that will tell me if a password has been leaked, but doesn't seem to tell me which usernames were leaked with the password.

The missing information could easily be misused so I guess it makes sense that the site's not giving out complete credentials, but where's the value in a website that will only tell me that one of the many passwords I've used with one of my several email address on one of the many, many websites where I have accounts may have been compromised at some undisclosed point in the past?

Is there a better way to find out exactly which credentials have been compromised?

 

[Zerk2012]

The haveibeenpwned dot com site will tell me if my email address or phone number was included in a data breach, but doesn't seem to tell me which of my past passwords have been compromised. I've had my address for 20 years and have used multiple passwords in multiple places... is there a way to easily find out which passwords have been exposed?

The site also has a password search that will tell me if a password has been leaked, but doesn't seem to tell me which usernames were leaked with the password.

The missing information could easily be misused so I guess it makes sense that the site's not giving out complete credentials, but where's the value in a website that will only tell me that one of the many passwords I've used with one of my several email address on one of the many, many websites where I have accounts may have been compromised at some undisclosed point in the past?

Is there a better way to find out exactly which credentials have been compromised?

Did you get that in a Email? I really don't trust anything like that. You can easily change all your passwords.

 

[Deleted member 14196]

I also recommend changing all your passwords and use strong passwords

 

[CMayo]

Did you get that in a Email? I really don't trust anything like that. You can easily change all your passwords.

I also recommend changing all your passwords and use strong passwords

Thanks for those comments, but they don't really pertain to my question.

 

[mdd1963]

If you are looking for some website that lists specific logon/userid/password combos that are known compromised just for some sort of reassurances based on a lack of your data being present, good luck....(it does not exist!)

I'd be quite leery of entering in any passwords in any alleged websites to 'check' them for known compromise, which in itself would be wayyyy too trusting!!

If in doubt, change them all... if you are using P@ssword1! or anything similarly short/predictable, I'd simply follow the advice you were given earlier.

There are quite a few password management applications.

 

[Ralston18]

Seconding @mdd1963 and the other suggestions that have been made.

Would you, @CMayo, send a bank account number to some website that claims it can tell you if anyone has attempted to hack that account?

There is no value any websites that claim to tell you if personal information has been compromised. Before they can really tell you anything they need to and will solicit additional personal information from you. ( And maybe ask for money later.)

That information plus any other personal information they might have obtained will only make you more vulnerable.

Most banks and other organizations are now legally obligated to inform you about any potential or actual security breaches. Deal with your account holders directly - person to person if there are definite problems or concerns.

Do not go online to unknown (and even some known) websites.

And make password changes part of your routine. Generally an easy process if done before a password expires.

 

[alceryes]

The haveibeenpwned dot com site will tell me if my email address or phone number was included in a data breach, but doesn't seem to tell me which of my past passwords have been compromised. I've had my address for 20 years and have used multiple passwords in multiple places... is there a way to easily find out which passwords have been exposed?

The site also has a password search that will tell me if a password has been leaked, but doesn't seem to tell me which usernames were leaked with the password.

The missing information could easily be misused so I guess it makes sense that the site's not giving out complete credentials, but where's the value in a website that will only tell me that one of the many passwords I've used with one of my several email address on one of the many, many websites where I have accounts may have been compromised at some undisclosed point in the past?

Is there a better way to find out exactly which credentials have been compromised?

To answer your question, No.
haveibeenpwned doesn't tell you whether or not your specific accounts have been compromised. It just tells you whether passwords that you use (have used) have been found in online lists. As others have said, your best option would be to change your password anywhere that compromised password is still used.