You’ve certainly heard about the many companies that have been hacked and your passwords, emails, and sometimes other data get leaked onto the internet. It’s not a great thing for the company, but it’s REALLY bad for you, the consumer. If you use that same email or password on multiple sites (which many people do) you can effectively say they’ve all been compromised. It’s better to be safe than sorry so if you have an account at a breached site immediately change the password and also change the password at any other sites that use that email or password.
What if you’re not sure if your information was in a breach? There are a few resources scattered around to tell you if your email was in a breach, but you have to look carefully. They aren’t all run by scripulous people and in some cases may be a honeypot to get people to enter in their email/password which they will then use to try and login all over the internet. If any site asks you to input your password… DON’T.
To solve this issue recognized security guru Troy Hunt has put together a nice site called haveibeenpwned.com which will search several of the major breaches (see which are included and which are excluded) at once. Note that the data included is already publicly available, and he is not posting any of the sources that are available, um, not so publicly.
As an aside, I rather like the look of the site. Mobile-friendly and looks like it’s running the Twitter Bootstrap framework which I also happen to be using for an upcoming project.