With all the hacks that have taken place over the past few years, there's a good chance you've heard of 'Have I Been Pwned'. Simple enter your email address and then HIBP will show you all the services you've signed up for that have suffered data breaches - and when those breaches occurred. Now it turns out that members of the government have been using it to monitor their own domains.
We’re excited for the opportunity to work alongside Troy and we’re looking forward to trailing the use of his service in the coming weeks to help alert UK Government departments if their users have potentially compromised credentials https://t.co/L1usl2qwUt
— NCSC UK (@ncsc) March 2, 2018
Sites like HIBP showcase just how important it is not to use the same password for every service you sign up for. If you do, and data from one leaks into the wild, you suddenly have to deal with the fact there are several services out there people can access without having to try very hard. For your crappy MySpace account or maybe even LinkedIn, that doesn't matter too much. But if you work in a sensitive job, then keeping tabs on your personal security is essential.
Because it can also let you check domains, it means the government can keep tabs on everyone with a specific email domains - including government emails. That's why the National Cyber Security Centre has signed up to HIBP, with central monitoring that keeps tabs on any breaches as and when they happen. Apparently governments around the world have been using HIBP to monitor their domains independently, but by signing up NCSC can unify all that and simplify the process.
That means if there is an MP who's signed up for Pornhub with their work email any breaches can be spotted and passwords changed before any damage can be done.
For anyone wondering about the implications on your taxes or the government budget, HIBP's Troy Hunt has confirmed in a blog post that the NCSC (and Australian Cyber Security Centre) won't be paying a penny for the service. [Troy Hunt via TechCrunch]