Free service can tell if your email address has been compromised
The Pwnedlist database contains nearly 5 million entries for pilfered personal data.
PC World - Has your email or username been snatched by hackers and posted to the Internet? You can find the answer to that question at a new online service called Pwnedlist.
To see if your email address or username is in the service's nearly five million name database of pilfered personal data, you simply type in your information, click check, and Pwnedlist will deliver the good or bad news to you.
If the news is good--that is, your information is not in the Pwnedlist database--you can sigh with relief. If it's bad, Pwnedlist advises you not to panic. Appearing in the database doesn't necessarily mean that someone has tried to break into your account. Nevertheless, it's a good a idea to change the passwords for the account, as well as any others you have, just to be safe.
How Widespread Is the Problem?
The service is the idea of two security experts, Alen Puzic and Jasiel Spelman, who work at DVLabs, which is part of HP/TippingPoint. It occurred to them when they were experimenting with automating the harvesting of compromised information from cyberspace. In just two hours, they'd garnered the complete logins for nearly 30,000 accounts.
"The truly scary part, however, was the quality of data we were able to collect in such a short amount of time," they wrote at the Pwnedlist website. "The accounts we were able to retrieve consisted of email services, social media sites, merchants, and even financial institutions."
Those revelations prompted the pair to set up Pwnedlist, which is designed to be secure from the ground up. Only email addresses and user names are harvested by Pwnedlist. Everything else in an information dump is discarded. Before information is put into the database, it's put through a cryptographic process called a "one-way hash" and the original text is destroyed. In addition, there is no storage of any information you type into site.
However, the service does store the IP addresses of its visitors as a security precaution. In an interview with security writer Brian Krebs, Puzic explained that every week or two someone tries to hack into the site or plant malware there.
In addition to the Pwnedlist site, the security duo has a Twitter account where they post the sources of the latest information added to the Pwnedlist database.
Among security experts, 2011 has already been anointed "Year of the Data Breach." Millions of people have had their email addresses, user names, passwords and more clipped by crackers breaking into the data stores of companies like Sony, Epsilon, Google, Citigroup and Sega. What's more many more less publicized breaches occur daily. So Pwnedlist couldn't be coming online at a better time.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts