Were Your IDs, Passwords Stolen? Check PwnedList

Published: 22/11/2024   Category: security



Site lets you check whether your login details are among 5 million compromised data records amassed since June.



Up to 50,000 breached records appear online every week. Do any of them include your usernames and passwords?
Answering that question is the principal aim of the free website PwnedList.com, which is billed by its creator as being a simple one-click service to help the public verify if their accounts have been compromised as a part of a corporate data breach, a malicious piece of software sneaking around on their computers, or any other form of security compromise. A user enters an email address, and the site says whether it has spotted that email address among breached records.
As of Monday, the site had amassed five million breached records, roughly 70% of which included email addresses and 30% of which had usernames, that had been "pwned" (hacker-speak for "owned" or "controlled") by online attackers or inadvertently exposed online.
PwnedList was created by Alen Puzic, a security intelligence researcher for HP's TippingPoint DVLabs. Via background details posted to the site, it began as a research project to discover how many compromised accounts can be harvested programmatically in just a couple of hours, he said. That's researcher-speak for using scripts to automatically analyze large amounts of data to extract any usernames, passwords, or other sensitive information they contain. In the first experiment, interestingly, Puzic found that he could automatically retrieve 30,000 usernames and passwords after only about two hours of work, for everything from email addresses and social media login details to banking and other financial information.
Based on those findings, Puzic officially launched PwnedList.com in June to help people identify if their personal data may have been dumped online. About 80% of the data is harvested via Puzic's Internet-crawling spiders, which index everything from hacking groups' account dumps to Pastebin and underground hacking forums, to accidental but publicly accessible releases of public information. Meanwhile, about 20% of the information comes from voluntary, anonymous submissions.
"The amount of data out there is ridiculous, and [it's] not just limited to account credentials. There's personal details such as phone numbers, addresses, and even worse, credit card numbers, but I don't store those," Puzic told Kaspersky Lab's Threatpost.
The data that does get retained gets put through a one-way hash to secure it, and all remaining clear text data stored online gets deleted. Besides not storing any passwords found online, Puzic promises that no queries made using the website are stored, and that anyone who distrusts the site's security can use SHA-512 hashes as inputs.
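The hashed-lookup scheme described above, sketched as an added example (this is not PwnedList's code): records are reduced to a one-way hash of the identifier, the password field is discarded, and a query may be either a clear-text identifier or its SHA-512 digest. The `BreachIndex` class, the `identifier_hash` helper, the separator set, the trim-and-lowercase normalization and the sample records are all assumptions made for illustration.

```python
import hashlib
import re

# Assumption: identifiers are trimmed and lower-cased before hashing; the
# article does not say how PwnedList normalizes its inputs.
def identifier_hash(identifier: str) -> str:
    normalized = identifier.strip().lower()
    return hashlib.sha512(normalized.encode("utf-8")).hexdigest()

_HEX_SHA512 = re.compile(r"[0-9a-f]{128}")
_SEPARATORS = re.compile(r"[:;|\t ]")  # assumed field separators in a record

class BreachIndex:
    """Keeps only one-way hashes of leaked identifiers, never clear text."""

    def __init__(self):
        self._hashes = set()

    def ingest(self, dump_lines):
        """Hash each record's identifier field, drop the rest; return count of new entries."""
        added = 0
        for line in dump_lines:
            identifier = _SEPARATORS.split(line.strip(), maxsplit=1)[0]
            if not identifier:
                continue  # blank or malformed record
            digest = identifier_hash(identifier)
            if digest not in self._hashes:
                self._hashes.add(digest)
                added += 1
        return added

    def is_listed(self, query: str) -> bool:
        """Accept either a clear-text identifier or its SHA-512 hex digest."""
        candidate = query.strip().lower()
        if not _HEX_SHA512.fullmatch(candidate):
            candidate = identifier_hash(candidate)
        return candidate in self._hashes

# Constructed sample records (not real leaked data).
SAMPLE_DUMP = [
    "alice@example.com:hunter2",
    "Bob@Example.org;letmein",
    "carol_77|qwerty",
    "",
    "alice@example.com:hunter2",
]

if __name__ == "__main__":
    index = BreachIndex()
    print(index.ingest(SAMPLE_DUMP), "unique identifiers indexed")
    print(index.is_listed(identifier_hash("bob@example.org")))
```
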
Why use PwnedList? Primarily, because the free service--Puzic has said it will remain free for individuals, though businesses may at some point have to pay to use it--helps monitor whether a person's information has surfaced online. "I would recommend to folks to check their emails on pwnedlist on a monthly basis. Then when we add automated alerts they can set up notifications for all of their accounts and we'll send them an email if we ever come [across] an account of theirs," Puzic told Threatpost.
Of course, sites such as PwnedList only go so far when it comes to containing the breach of a person's personal information. Another essential security strategy is to choose unique passwords for every different website used, and to never reuse any of those credentials. That way, even if a website does get breached, and attackers distribute, sell, or buy the stolen username and password information, the credentials will only work on the compromised site.
