Explore a range of common cyber security threats — find out how they work, how to prevent them, and what to do if they happen to you.
The information comes from data breaches of businesses and organisations. Each release could contain information from one source, or from a range of sources.
A data breach is when private and confidential information is released into an unsecured environment. This usually means that the information becomes publicly available. It also means that others can use it for personal gain, or to cause harm to a business or individual.
When the details are published online, it’s not always obvious where the information has come from. The companies involved may not be aware that the information is online.
The types of credentials varies in each release. They often include email addresses and passwords. They can be used to send spam and phishing emails to, or to access accounts.
You may not know you’re affected until it’s too late.
Several large/public data breaches have been added to a website called Have I been Pwned? While CERT NZ has no affiliation with this website, and has not verified the data contained there, it is a central repository of data breached in a range of releases. Users can visit the site to see if their email address is included in the list of released details.
If your email address has been part of a breach, change the password for that account immediately.
Some people make patterns of their passwords, to make them easier to remember. Unfortunately this makes them easy to guess. If you have reused a password on other accounts, or have a password pattern, change the passwords for those other accounts too. If your password for Adobe is Adobe123 and that information was part of a credential dump, attackers will go and try Twitter123 and Facebook123 with your email address.