We thought our addresses were pretty secure, but that was before testing this service created by a cybersecurity expert.
Millions of email addresses end up in hacked databases every year. We don’t always realize it, until the day a site reminds us in black and white. We tested one of these services, which is supposed to indicate whether our personal information has already been leaked. And the result is food for thought.
By entering a simple Gmail address on this site, the response was not long in coming: seven hacks recorded in recent years. The most recent is from 2024, linked to Notsocradar. Before that, the data had already circulated during incidents on Twitter in 2021, Canva and Deezer in 2019, then on 8fit, Shein and Romwe in 2018. In other words, this address, used for years, was compromised several times, on very different services, often at distant periods. To check if the phenomenon repeats itself, we tested another email address, this time hosted on Hotmail. Six hacks detected, including Tumblr and Dailymotion, but also other services never used.
Indeed, what is striking is that we do not recognize all the names. Some sites are completely foreign to us. However, the address appears there, proof that leaks do not always concern accounts created voluntarily. Data may be resold, transferred or aggregated by partner platforms. What’s more, in these lists, information circulates freely: address, password, sometimes even other personal details. As you will have understood, the idea that identifiers can appear where we have never set foot can indeed be disconcerting, but nevertheless common. In this context, massive leaks suck up millions of accounts at a time, without distinction, before the data is exchanged or resold.
The site we used is called Have I Been Pwned. Created by cybersecurity researcher Troy Hunt, it lists billions of credentials from public hacks. Free and recognized, it is currently one of the most reliable ways to find out if an email address has been exposed.
Thus, faced with the growing concern of users, Google reacted. The company has issued several security recommendations, including enabling two-factor authentication and immediately changing affected passwords. Experts repeat the same thing: use a different password for each service, avoid obvious combinations and enable two-step verification. These reflexes limit the damage when a leak occurs. Think about it!
