I often come across employees who use their official email address to subscribe on LinkedIn, Adobe, Dropbox and other personal social media accounts. And “some” employees really do not care and use the same password for everything.
What “if” such Adobe or social media accounts are compromised?
What “if” they have used the same password of their official email account for social media accounts too?
We can’t do much other than educating users to follow best security practices. And we cannot keep track of every breach to find out if our corporate email addresses are listed.
However there are few free resources available to help you. I recommend everyone to register your email domain to such an amazing free service to get automatically notified if your personal or corporate accounts are listed in account breaches.
haveibeenpwned.com Domain search allows you to find all email addresses on a particular domain that have been caught up in any of the data breaches currently in the system. You can also receive notifications if they appear in future breaches by providing a notification email. Before you can perform a domain search, you need to verify that you control the domain you’re searching. If you cannot verify that you control the domain, you will not be able to search for breached email addresses.
The domain verification can be performed by either responding to one of the standard email addresses below, adding a TXT entry to the domain, adding a meta tag to the HTML at the root of the domain or uploading a .txt file to the site.
NormShield Breach Service is another free one that helps you to identify if your account has been compromised before. Search your domain or email address in their huge breach data. You can also get notified in future breaches by subscribing to their service.