We all share our personal information online daily with multiple parties. Many of us, unwisely, also use the same login information for multiple sites. While most of us pay particular attention to security, we have little control over the sites we contact and the practices they follow, and those who are susceptible to malware or phishing emails are particularly vulnerable!
This presents a problem, and a particularly big one for those who reuse login information for multiple sites. Once a “bad guy” gets access to your login information from any source, they will most probably try to use that information to log into common financial institutions and other sites. At worst you might lose a ton of money, and at best your online reputation could be sullied.
Herein lies the problem. Oftentimes, sites that are compromised do little to notify their users or members. How do you know when, or if, your information is out there? How many users are infected and are sharing their information without their knowledge?
Enter security researchers Alen Puzic and Jasiel Spelman, who started pwnedlist.com. PwnedList allows you to quickly and securely compare your information against their database of almost 5 million compromised email addresses and usernames!
PwnedList is a tool that allows an average person to check if their online accounts have been compromised. The site started out as a small research project with a rather simple premise: to discover how many compromised accounts can be harvested programmatically in just a couple of hours. Well, needless to say, the results were astonishing. In just under 2 hours we had close to 30,000 accounts, complete with logins and passwords.
We wanted to create a simple one-click service to help the public verify if their accounts have been compromised as a part of a corporate data breach, a malicious piece of software sneaking around on their computers, or any other form of security compromise. This site was designed to be secure from the ground up. Our data harvesters only extract usernames and emails from account dumps; everything else (including passwords) is discarded. Once extracted, emails and usernames are put through a one-way hash and the cleartext destroyed. Additionally, no data you enter as part of your query is ever stored by us in any shape or form. The purpose of this project is hopefully to raise security awareness, encourage users to be more proactive about handling their personal security in cyberspace and at the same time help people monitor their accounts for potential compromises.
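To make the design described above concrete, here is an added sketch (not PwnedList's code) of a harvester that keeps only hashed identifiers and a lookup that hashes the query in memory. SHA-256, the normalization rule, the dump delimiters and all function names are assumptions; the dump lines are constructed.

```python
import hashlib
import re

# Constructed sample dump lines (not real accounts); delimiters vary on purpose.
SAMPLE_DUMP = """\
alice@example.com:hunter2
Bob.Smith@Example.org;5f4dcc3b5aa765d61d8327deb882cf99
carol_99|letmein|203.0.113.7
 dave@example.net : password1
"""

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{3,64}$")


def normalize(identifier: str) -> str:
    """Canonical form so 'Bob@Example.org ' and 'bob@example.org' hash alike."""
    return identifier.strip().lower()


def digest(identifier: str) -> str:
    """One-way hash of the normalized identifier (SHA-256 is an assumption)."""
    return hashlib.sha256(normalize(identifier).encode("utf-8")).hexdigest()


def harvest(dump_text: str) -> set[str]:
    """Return digests of the first field (email or username) of each line.

    Everything after the first delimiter (passwords, hashes, IPs) is dropped
    and never stored; the cleartext identifier is not retained either.
    """
    store = set()
    for line in dump_text.splitlines():
        first_field = re.split(r"[:;|]", line, maxsplit=1)[0]
        candidate = normalize(first_field)
        if EMAIL_RE.match(candidate) or USERNAME_RE.match(candidate):
            store.add(digest(candidate))
    return store


def is_listed(store: set[str], query: str) -> bool:
    """Hash the query in memory and compare; the query itself is not stored."""
    return digest(query) in store
```

Because email addresses are guessable, anyone holding an unsalted digest can confirm a candidate address by hashing it, so the digest store still needs access control.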
pwnedlist.com is a site you should 1) visit to test whether your email address and logins are in the “wild”, and 2) tuck away in your security toolbox!
Head on over to pwnedlist.com to test the security of your addresses and logins.