Free service can tell if your email address has been compromised
The Pwnedlist database contains nearly 5 million entries for pilfered personal data.
PC World - Has your email or username been snatched by hackers and posted to the Internet? You can find the answer to that question at a new online service called Pwnedlist.
To see if your email address or username is in the service's nearly five million name database of pilfered personal data, you simply type in your information, click check, and Pwnedlist will deliver the good or bad news to you.
If the news is good--that is, your information is not in the Pwnedlist database--you can sigh with relief. If it's bad, Pwnedlist advises you not to panic. Appearing in the database doesn't necessarily mean that someone has tried to break into your account. Nevertheless, it's a good a idea to change the passwords for the account, as well as any others you have, just to be safe.
How Widespread Is the Problem?
The service is the idea of two security experts, Alen Puzic and Jasiel Spelman, who work at DVLabs, which is part of HP/TippingPoint. It occurred to them when they were experimenting with automating the harvesting of compromised information from cyberspace. In just two hours, they'd garnered the complete logins for nearly 30,000 accounts.
"The truly scary part, however, was the quality of data we were able to collect in such a short amount of time," they wrote at the Pwnedlist website. "The accounts we were able to retrieve consisted of email services, social media sites, merchants, and even financial institutions."
Those revelations prompted the pair to set up Pwnedlist, which is designed to be secure from the ground up. Only email addresses and user names are harvested by Pwnedlist. Everything else in an information dump is discarded. Before information is put into the database, it's put through a cryptographic process called a "one-way hash" and the original text is destroyed. In addition, there is no storage of any information you type into site.
However, the service does store the IP addresses of its visitors as a security precaution. In an interview with security writer Brian Krebs, Puzic explained that every week or two someone tries to hack into the site or plant malware there.
In addition to the Pwnedlist site, the security duo has a Twitter account where they post the sources of the latest information added to the Pwnedlist database.
Among security experts, 2011 has already been anointed "Year of the Data Breach." Millions of people have had their email addresses, user names, passwords and more clipped by crackers breaking into the data stores of companies like Sony, Epsilon, Google, Citigroup and Sega. What's more many more less publicized breaches occur daily. So Pwnedlist couldn't be coming online at a better time.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!