Easy way to check if your computer is/was compromised now or in the past
With the recent addition of Naz.API dataset (a massive collection of over 1 billion stolen username and passwords) to HIBP service ("Have I Been Pwned" - a service by troyhunt.com), it is now very easy to check if your computer is compromised by information stealing malware now or in the past.
Go to the HIBP service at https://haveibeenpwned.com and enter your e-mail (don’t worry, it is 100% safe) and check the search results. The results may span several pages, so make sure to scroll down and check all the breaches your email is listed as compromised. Keep in mind that it is not at all unusual to see your email show up on multiple breaches. For example, see the screenshot below of my own email search.
As you scroll through the list, check if your email is listed for Naz.API. If your email was one of the unfortunate one to be included in the Naz.API list, it is a clear indication that your computer is now or in the past was compromised and information was stolen. The very least you can do is to make sure your current password is not included in the list. There are couple of ways you can check. I know some password managers like 1Password for example can check all your passwords against HIBP database. If you don’t use any tools that support checking your password in HIBP database you are welcome to use my php script at my GitHub repo below which does the same thing, the only caveat is that it checks one password at a time against HIBP database, so you have to repeat that for all your passwords.
How to run: If you are on a Mac or Linux, you can run the script directly with the two commands as shown below ... If you are windows, you have to install php, curl etc first which is beyond the scope of this blog.
curl -s https://raw.githubusercontent.com/aselvan/scripts/master/security/pwned_password.php -o /tmp/pwned_password.php
php /tmp/pwned_password.php
If you are unfortunate to have your password listed in HIBP as per the tools (1Password or my script or any others that check your password against HIBP), and if it is any of your current passwords, change it ASAP and enable 2F if that’s not already in place. If your current password is not found, it means an old password you used in the past was compromised. Still, it is a good idea to change all your passwords ASAP.
If you use more than one email address now or in the past, repeat this for each e-mail.
For further details can be found at the following links