Following last week's hack of Qantas Frequent Flyer data, we're all reminded of the fragility of our personal information. Cybercrime isn't going away anytime soon, so here's how to tell if you've been hacked and spot what needs fixing.
A free, safe tool created by an Australian cybersecurity expert is helping people around the world check exactly that.
Have I Been Pwned (yes, it’s pronounced “pawned”) is a website built by Troy Hunt, a Gold Coast-based cybersecurity professional who’s considered one of the world’s leading experts in online safety. He’s worked with government agencies, major tech companies like Microsoft, and regularly appears in the media breaking down digital privacy issues.
What makes his website special is simple: Hunt gathers publicly available data leaks and breach dumps from the internet (often from the dark web, forums, or databases published by hackers) and turns them into a searchable, secure tool.
You can enter your email address on haveibeenpwned.com and see if it appears in any of the known breaches he’s collected. The site doesn’t show your password or other personal information — just the name of the company or service where your data was compromised, and what kind of information was exposed (like passwords, phone numbers or addresses).
It’s free, trusted, and used by law enforcement agencies, security firms, and over 100 million people globally. Importantly, it doesn’t store your email or use it for anything else, making it safe for anyone to try.
If Have I Been Pwned says your email address has been found in one or more breaches, don’t panic — but do take action.
Here’s what you should do:
Change your password immediately on the affected service.
If you’ve used the same password elsewhere, change those too.
Enable two-factor authentication (2FA) wherever possible. This sends a special code to your phone when you log in, making it harder for others to access your account even if they know your password.
Keep an eye on your inbox and accounts for suspicious activity.
Unfortunately, most people still reuse the same password across multiple accounts, making it easy for hackers to gain access to more than just one service.
If you’ve ever kept passwords on sticky notes, in a notebook, or worse — reused them across sites — it’s time to make life easier and more secure with a password manager.
Password managers are apps that store your passwords in a secure “vault,” and can automatically fill them in when you log in to websites or apps. Most also suggest strong passwords when you sign up for a new account.
Popular and trustworthy options include:
Apple Passwords (built into all iPhones, iPads and Macs)
Google Password Manager (built into Android devices and Chrome browser)
1Password
Bitwarden (has a free version)
Dashlane
To use one:
Download the app from the App Store or Google Play.
Set up your account with a strong master password.
Let the manager save your passwords as you go about your day.
Next time you log in to a website, the manager will offer to fill in your password for you.
It’s a small change that offers big peace of mind.
Even if your password hasn’t been stolen, hackers may try to trick you into handing it over.
These scams, known as phishing emails, might look like they’re from your bank, the ATO, or a company you trust. They often claim something urgent, like suspicious activity or unpaid bills, and include a link to “log in” or update your details.
Here are some tips:
Never click on a link in an email unless you’re absolutely sure it’s legitimate.
Check the sender address. If it looks odd or unfamiliar, delete the email.
When in doubt, open a new browser window and visit the website directly rather than using the email link.
Install spam filters and keep your software updated to reduce the number of these emails reaching your inbox.
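For readers comfortable with a little Python, the "check the sender address" tip above can be automated. This is an added example, not part of the original article: the `KNOWN_SENDERS` list, the hypothetical bank and both sample messages are constructed, and the Reply-To and lookalike-character checks go a step beyond the tip itself.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: organisations the reader deals with, mapped to the domains their
# real mail comes from. ato.gov.au is the ATO's domain; the bank is hypothetical.
KNOWN_SENDERS = {
    "ato": {"ato.gov.au"},
    "examplebank": {"examplebank.example"},
}

def _domain(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def _belongs(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def sender_warnings(raw_email):
    """List the reasons a message's sender address looks odd."""
    msg = message_from_string(raw_email)
    name, _ = parseaddr(msg.get("From", ""))
    domain = _domain(msg.get("From"))
    if not domain:
        return ["no usable sender address"]
    warnings = []
    words = name.lower().replace("-", " ").split()
    for brand, allowed in KNOWN_SENDERS.items():
        # The display name is free text; only the address domain counts.
        if brand in words and not _belongs(domain, allowed):
            warnings.append(f"name claims '{brand}' but address is @{domain}")
    if "xn--" in domain or not domain.isascii():
        warnings.append(f"@{domain} uses internationalised (possible lookalike) characters")
    reply_domain = _domain(msg.get("Reply-To"))
    if reply_domain and reply_domain != domain:
        warnings.append(f"replies go to @{reply_domain}, not @{domain}")
    return warnings

# Constructed sample messages (not real emails).
PHISH = ("From: ATO Refunds <refunds@ato-gov-au.example>\n"
         "Reply-To: claims@mailbox.example\n"
         "Subject: Urgent: unpaid tax bill\n\nLog in to update your details.\n")
GENUINE = ("From: ATO <noreply@notifications.ato.gov.au>\n"
           "Subject: Your notice of assessment\n\nSign in to view it.\n")

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("genuine", GENUINE)):
        print(label, sender_warnings(raw))
```

An empty result does not prove a message is genuine, because the From line itself can be forged; opening a new browser window and visiting the website directly remains the safer habit.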