There have been that many high profile data breaches over the last few years including the Yahoo breach which hit around 3 billion user accounts, the LinkedIn breach which around 160 million user accounts along with many other small breaches of services across the internet. I have often used the fact that these breaches have occurred as evidence that students need to take care as to the details they share with services, the strength of the passwords they use as well as the need to ensure they do not share common passwords across different sites.
Around 6 months ago I was introduced to the Have I Been Pwned website and it is now regular a part of my lessons with students in relation to cyber security and digital citizenship. The site contains a huge database of the details which have been leaked as a part of the many publicly reported data breaches. I ask students to volunteer and enter their email addresses into the service to see if their email account has ever been involved in part of a data breach. This very much gets students engaged as they wait in anticipation to see if they have been involved in a data breach. To date at least 1 in every 3 students who volunteer and enter their email address have been identified as having their account details “pwned”. This to me is worrying as those concerned are generally unaware that any of their details may have been leaked, and therefore now be accessible on the net, prior to accessing the site.
I would recommend the use of the site with students, as well as with staff and personally to check how exposed you are to past breaches. Speaking personally, the first time I accessed the site it flagged up the fact my own personal details had been compromised as part of a breach I wasn’t aware of. Having identified this I quickly was able to change my password and take other preventative measures.