Given the amount of spam that we get at Everything Express, ostensibly from legitimate e-mail addresses, I was directed to an interesting tool recently: PwnedList.
“PwnedList is a tool that allows an average person to check if their online accounts have been compromised.”
The site is a simple one-click service to help the public verify if their accounts have been compromised as a part of a corporate data breach, a malicious piece of software sneaking around on their computers, or any other form of security compromise. This site was designed to be secure from the ground up.
No data you enter as part of your query is ever stored in any shape or form. The purpose of this project is hopefully to raise security awareness, encourage users to be more proactive about handling their personal security in cyberspace and at the same time help people monitor their accounts for potential compromises.
PwnedList is maintained by a small group of security researchers who work on it in their spare time, principally Alen Puzic and Stephen Thomas.
The site started out as a small research project with a rather simple premise: to discover how many compromised accounts can be harvested programmatically. In the first 2 hours PwnedList had close to 30,000 accounts, complete with logins and passwords, for email services, social media sites, merchants and even financial institutions.
PwnedList has two principal sources of data: the manual collection of data from account dumps made by various hacker groups and an automated harvesting system that is able to spider 40% from the Internet, all without human intervention. The data harvesters only extract emails from account dumps; everything else (including passwords) is discarded.
If you find one of your passwords listed in the PwnedList database, you should change that password immediately on each and every site on which you’ve used it. AJS