Was Your Email Account Hacked? PwnedList Can Tell You

If you have an account with a company whose servers have been hacked, it's nerve-wracking to wonder whether or not your private data has been leaked onto the Internet. Thankfully, a new Web service seeks to aggregate all the leaked account data on the Internet and make it easy for you to check and see if you're on the list.

By Alex Wawro
Fri, February 03, 2012

PC World — If you have an account with a company whose servers have been hacked, it's nerve-wracking to wonder whether or not your private data has been leaked onto the Internet. Thankfully, a new Web service seeks to aggregate all the leaked account data on the Internet and make it easy for you to check and see if you're on the list.

PwnedList (pwnedlist.com) is the brainchild of Alan Puzic, a professional security intelligence researcher partial to a bit of "white-hat" (good-guy) hacker work. PwnedList was born in July 2011 as a public service to help privacy-minded people verify the security of their online accounts.

"Our goal was to design a simple-to-use online portal where an average user could check to see if his or her account credentials were leaked," said Puzic in an interview with PCWorld. Within a week, Puzic and his team (including security researchers Stephen Thomas and Jasiel Spelman) had gathered more than a million hacked accounts from websites like The Pirate Bay and PasteBin, social networks like Twitter, and even hacker forums and chatrooms. At the time of the interview, PwnedList had been operating for almost six months, with its database approaching 10 million entries.

But don't worry: Even though the folks at PwnedList are constantly seeking out compromised usernames, email addresses, and passwords, they don't store all that information in the PwnedList database. Instead, they take all the compromised account data they find (or that anonymous users submit to them) and use an algorithm to create a unique string of alphanumeric characters for every username and email address. They then save the strings in the PwnedList database before deleting the actual login information. This procedure means that no hacker can crack the PwnedList database and gain access to a single list of the hundreds of thousands of compromised accounts that the PwnedList team is aggregating.

So every time you type a username or email address into the PwnedList search engine, the server runs your request through the same algorithm used to hash the compromised accounts, compares the string generated against the strings in the database, and alerts you if there's a match. For extra security, you can even avoid typing your email or username into the PwnedList website by hashing it yourself and copying the string. PwnedList uses a 512-bit Secure Hash Algorithm (SHA) hash, so you can just use an online hash generator to convert your favorite email or username into a string of gibberish.

1 2 next page »

Originally published on www.pcworld.com. Click here to read the original story.

What is Tech Briefcase?

TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more

Bookmark content

Speed up your research efforts with content across the web.

Search and Store

Find the white papers you need. Create folders for any topic.

View Anywhere

Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.

Don't have an account yet?

You are here: Applications » E-Mail » News

Most Recent E-Mail Stories

White Papers »

Farmers Triples Email Usage and Meets FINRA Requirements with Integrated Messaging Solution

The Farmers Insurance Case Study tells the story of Perimeter's progressive relationship with Farmers Insurance and Perimeter's messaging suite of services. Download this case study now to find out the benefits of messaging solutions and how working with Perimeter can simplify your IT needs.

Microsoft Hosted Exchange - Market Quadrant 2011

This whitepaper, from the Radicati Group, is an independent analysis of the market for Microsoft Hosted Exchange, revealing top players, mature players, specialists and trail blazers.

Why You Should Consider Cloud-Based Email Archiving

Authored by messaging industry analyst The Radicati Group, this white paper looks at the key reasons organizations should consider moving to a cloud-based archiving solution. It will cover why you should outsource your archiving solution, unique benefits of cloud archiving, and Perimeter's cloud archiving solution.

Broker-Dealer Case Study: Reduced Compliance Burden with Perimeter's Message Archive

Reduced Compliance Burden with Perimeter's Message Archive.

Mobile Middleware Strategies

Learn why a mobile development platform is critical to be able to support today's complex enterprise mobility strategies. Learn what to look for in a mobile development platform and how apply these tools whether you're developing a dedicated app for one device or multiple apps running across multiple devices.

Native & HTML5 Mobile Apps: Not an either or, but a where and when

Learn how developers are using HTML5 and native development methods to build mobile apps. Get practical insights on how these tools are being used, what's driving their usage, and how to choose the best development approach for your business.

Webcasts »

Moving Your Email to the Trusted Cloud

How cloud-based email can help your company.

Leverage automation today to reduce IT complexity

Date: Tuesday, June 5, 2012, 2:00 PM EDT

Whether your B2B complexity is caused by multiple technologies due to M&A, business or application specific needs or traditional under investment, the net effect is usually the same: high cost and lower productivity. Enabling business-to-business (B2B) integration using point-to-point EDI translators is usually time intensive and cost prohibitive.

Join IDC's Maureen Fleming and SAP for an insightful Webcast on the different approaches companies are taking to B2B integration and how you can ask the right questions to reassess you B2B approach.

Delivery Management -- Extending Lifecycle Management

Date: Wednesday, June 20, 2012, 1:00 PM EDT

Siloed organizations continue doing the wrong things and doing things wrong, leading to increased costs, project delays, lower quality, and time-to-market delays. Providing a collaborative platform where the whole organization can prioritize, share and manage deliveries with more transparency can help the organizations make more informed decisions at all levels, and greatly improve communications and traceability between teams. Hear from application lifecycle management experts how to increase delivery efficiency and effectiveness with a new approach to Delivery Management.

Operational Analytics - Changing the Competitive Dynamics of the Business

Date/Time: June 5, 2012, 11:00 a.m., EDT, 4:00 p.m. BST / 3:00 p.m. UTC

Please join us for this webcast, as Dr. Barry Devlin, Founder and Principal, 9sight Consulting, describes what operational analytics can do for your business and reviews an architectural approach that will enable you to make it a reality.

BMC Control-M - Single Point of Control Demo

With BMC Control-M, you schedule and manage everything - down to the very last platform and application - from one simple interface. It's the foundation of workload automation, really - the ability to run application and business processes as one. Siloed job schedulers can't do it. BMC Control-M can.

Sun Chemical Customer Success Story

Sun Chemical, the world's largest producer of printing inks and pigments, quadrupled its complex batch environment with zero extra headcount using BMC Control-M's Automated File Transfer features.

Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter