Data breaches happen constantly. If you’ve been using the same password across multiple sites — and most of us have — there’s a good chance some of your credentials have been leaked. Here’s how to check and what to do.
Step 1: Check Have I Been Pwned
Visit Have I Been Pwned (haveibeenpwned.com) and enter your email address. This site, run by security researcher Troy Hunt, aggregates data from thousands of breaches and tells you which ones your email appears in. It’s free, safe, and doesn’t store your email.
Step 2: Check Your Passwords
If you use a password manager (and you should), most modern ones — Bitwarden, 1Password, even browser-based managers — can check if your saved passwords appear in known breaches. Use this feature. It’s eye-opening.
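How can a breach check run without handing your password to the checker? The sketch below is an added example, not code from this page or from any password manager: it follows the k-anonymity range lookup offered by Have I Been Pwned's Pwned Passwords service, where only the first five characters of the password's SHA-1 hash are sent and the match is done locally. The sample response, its counts, and the names `fake_fetch`, `check` and `count_in_range` are constructed for illustration.

```python
import hashlib
from typing import Callable

# Real Pwned Passwords range endpoint; shown for reference, never called here.
RANGE_URL = "https://api.pwnedpasswords.com/range/"


def split_hash(password: str) -> tuple[str, str]:
    """SHA-1 the password; only the 5-character prefix is ever sent."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix: str, body: str) -> int:
    """Find our suffix in a range response of 'SUFFIX:COUNT' lines."""
    for line in body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix.upper():
            # Padded responses carry decoy entries with a count of 0.
            return int(count) if count.strip().isdigit() else 0
    return 0


def check(password: str, fetch: Callable[[str], str]) -> int:
    """Return how many times the password appears in the breach corpus."""
    prefix, suffix = split_hash(password)
    return count_in_range(suffix, fetch(prefix))


# --- Constructed offline stand-in for the HTTP call (counts are invented) ---
_PREFIX, _SUFFIX = split_hash("password")
_SAMPLE = {_PREFIX: "\r\n".join(["0" * 35 + ":3", _SUFFIX + ":12345", "F" * 35 + ":0"])}
requested: list[str] = []  # records what would have gone over the wire


def fake_fetch(prefix: str) -> str:
    requested.append(prefix)
    return _SAMPLE.get(prefix, "")


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        hits = check(pw, fake_fetch)
        print(f"GET {RANGE_URL}{split_hash(pw)[0]} -> seen {hits} times")
```

To query the live service, replace `fake_fetch` with a function that requests `RANGE_URL + prefix` over HTTPS and returns the response text.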
Step 3: Use a Password Manager
A password manager generates strong, unique passwords for every site and remembers them for you. You only need to remember one master password. Bitwarden has a generous free tier, works on all devices, and is open source.
What To Do If You’ve Been Leaked
- Change that password immediately — especially if you use it on multiple sites
- Enable two-factor authentication (2FA) on every site that supports it
- Check for suspicious activity on accounts associated with that email
- Don’t panic — a leaked password doesn’t automatically mean someone’s hacked your account, but it does mean you should act fast
The South African Reality
South African companies have been involved in several major data breaches. Major retailers, banks, and service providers have all had incidents. Assume your data has been in at least one breach. The question isn’t “if” but “when” — and taking these steps now is the best defence.