0

I run a website with a user database. I have an account with my email and I put it on a website like Have I Been Pwned, which does not reveal a breach. I also check the website's list of breaches to see if my website is included, which it is not. I imagine that browsers like Chrome and Microsoft Edge use multiple databases to advise users on breaches.

What other resources could I be checking to be the first to know about a breach of my website?

miguelmorin
  • 103
  • 4

1 Answer

1

You could add a dummy user in your database, with a non-predictable E-mail address, that serves as a canary. The E-mail address should be random enough that even a spammer using brute-force SMTP sending is unlikely to stumble on it.

If you start receiving spam or phishing on that address, it is a sign that the DB has likely been compromised.

Kate
  • 6,967
  • 20
  • 23
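
The canary account described in the answer above, as an added example that is not part of the original post: it generates an unguessable address for the dummy user and scans raw mail for anything delivered to it. The function names, the `example.org` domain and the sample messages are assumptions made for illustration; it also assumes mail for the canary lands somewhere you can read it as raw RFC 5322 text.

```python
import secrets
from email import message_from_string
from email.utils import getaddresses

# Headers that can carry the visible or envelope recipient.
RECIPIENT_HEADERS = ("To", "Cc", "Delivered-To", "X-Original-To")


def make_canary_address(domain: str, nbytes: int = 16) -> str:
    """Return an address whose local part is nbytes of CSPRNG output in hex."""
    return f"{secrets.token_hex(nbytes)}@{domain}"


def canary_hits(raw_messages, canaries):
    """Return (canary, sender, subject) for each message sent to a canary."""
    # Compare case-insensitively: the hex local part is generated lowercase,
    # but senders and relays may change the case.
    wanted = {c.lower() for c in canaries}
    hits = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        values = []
        for name in RECIPIENT_HEADERS:
            values.extend(msg.get_all(name, []))
        recipients = {addr.lower() for _, addr in getaddresses(values)}
        for canary in sorted(recipients & wanted):
            hits.append((canary, msg.get("From", ""), msg.get("Subject", "")))
    return hits


# Constructed sample data: the canary value and both messages are made up.
CANARY = "3f9c1e7a5b2d4c8e9a0b6d1f2e3c4a5b@example.org"
SAMPLE_MAILBOX = [
    "From: billing@shop.example\nTo: alice@example.org\nSubject: Invoice\n\nHi\n",
    "From: promo@bulk.example\nTo: <3F9C1E7A5B2D4C8E9A0B6D1F2E3C4A5B@example.org>\n"
    "Subject: You won\n\nClick here\n",
]

if __name__ == "__main__":
    print("new canary:", make_canary_address("example.org"))
    for canary, sender, subject in canary_hits(SAMPLE_MAILBOX, [CANARY]):
        print(f"ALERT: mail to canary {canary} from {sender!r}: {subject!r}")
```

The canary address should never be used to sign up anywhere else or receive legitimate mail, so that any hit points back at the user database.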