Overview
If a company you have an account with has suffered a data breach, it’s possible your email may have been pwned, which means your email and password for that site’s account has been exposed to cybercriminals.
Cyber-criminals can use stolen information from these data breaches to target you with phishing emails and other scams.
To continue to protect your online accounts and avoid falling for a scam, similar to how you would check a bank statement for unauthorized transactions, it is important to periodically review and be aware of sites where your information may have been exposed.
Solution
HaveIBeenPwned.com is a website that you can use to test your work and personal email accounts to see if those accounts have been involved in a breach. It is important to check if your information has been compromised especially if you share passwords across multiple accounts (a big no-no!). We encourage users to use strong passwords that are unique for each site.
- Go to haveibeenpwned.com
- Enter your work or personal email address and click pwned?
- Scroll to the "Breaches you were pwned in" section to review the sites where your information was pwned.
- If you actively use the website and password is listed after "Compromised data," change the password on that website. If the site supports two-factor authentication, set up that additional protection for your account.
What does pwned mean?
Pwned is a slang term derived from the verb own, meaning to appropriate or to conquer to gain ownership.
What is a breach?
A data breach occurs when sensitive information has potentially been viewed, stolen or used by an unauthorized individual.
How do I know the site isn’t just harvesting searched email addresses?
The site is a free service used throughout the industry for people to determine if their email address or password has been put onto public or dark web credential bulletin boards as a result of a breach. If you used a particular email address and password on a site that has been breached, it’s likely that the address or password will show up on HaveIBeenPwned.
What do I do if HaveIBeenPwned finds a match?
If you find out you have been pwned, please change your passwords (especially for those affected accounts). Similar to two-factor authentication that is available at Rowan, if the site supports it, proceed to set up two-factor authentication on these external sites as well.
What should I do if I fell for or responded to a scam?
Visit our page on for more information on What to Do If You Responded to an Email Scam.
How can I spot a phishing or email scam?
Visit our Phishing and Malware page for more information and tips on how to identify fraudulent e-mail and phishing schemes.
Are there any other security tips I should follow?
Visit our Security Awareness page for free training and tips for protecting your devices and personal information.
Who can I speak to if I have more questions?
For any technology questions, including to report a scam, please contact the Technology Support Center at 856-256-4400 or support@rowan.edu. If you received or have responded to a suspicious email and provided your Rowan University account information, it is critical that you report these types of incidents immediately so that the Technology Support Center can guide you on appropriate steps to protect your account. Acting quickly will help minimize the risk to your own account as well as protect the University.
For any security questions or to contact the Information Security Office, please send an email to iso@rowan.edu.