Free service can tell if your email address has been compromised
The Pwnedlist database contains nearly 5 million entries for pilfered personal data.
PC World - Has your email or username been snatched by hackers and posted to the Internet? You can find the answer to that question at a new online service called Pwnedlist.
To see if your email address or username is in the service's nearly five million name database of pilfered personal data, you simply type in your information, click check, and Pwnedlist will deliver the good or bad news to you.
If the news is good--that is, your information is not in the Pwnedlist database--you can sigh with relief. If it's bad, Pwnedlist advises you not to panic. Appearing in the database doesn't necessarily mean that someone has tried to break into your account. Nevertheless, it's a good a idea to change the passwords for the account, as well as any others you have, just to be safe.
How Widespread Is the Problem?
The service is the idea of two security experts, Alen Puzic and Jasiel Spelman, who work at DVLabs, which is part of HP/TippingPoint. It occurred to them when they were experimenting with automating the harvesting of compromised information from cyberspace. In just two hours, they'd garnered the complete logins for nearly 30,000 accounts.
"The truly scary part, however, was the quality of data we were able to collect in such a short amount of time," they wrote at the Pwnedlist website. "The accounts we were able to retrieve consisted of email services, social media sites, merchants, and even financial institutions."
Those revelations prompted the pair to set up Pwnedlist, which is designed to be secure from the ground up. Only email addresses and user names are harvested by Pwnedlist. Everything else in an information dump is discarded. Before information is put into the database, it's put through a cryptographic process called a "one-way hash" and the original text is destroyed. In addition, there is no storage of any information you type into site.
However, the service does store the IP addresses of its visitors as a security precaution. In an interview with security writer Brian Krebs, Puzic explained that every week or two someone tries to hack into the site or plant malware there.
In addition to the Pwnedlist site, the security duo has a Twitter account where they post the sources of the latest information added to the Pwnedlist database.
Among security experts, 2011 has already been anointed "Year of the Data Breach." Millions of people have had their email addresses, user names, passwords and more clipped by crackers breaking into the data stores of companies like Sony, Epsilon, Google, Citigroup and Sega. What's more many more less publicized breaches occur daily. So Pwnedlist couldn't be coming online at a better time.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts