
Has your account been pwned? New website will tell you

Security researchers have set up a website that allows punters to check whether or not their email addresses have appeared in data dumps slurped from compromised databases. Hacking attacks on sites including Gawker and the network of Sony's gaming division have led on to the publication of hundreds of thousands of users' …

COMMENTS

This topic is closed for new posts.
Happy

Nice

Does it include the 46,524 recently dumped by El Reg?

7
0
Anonymous Coward

Seemingly not...

Someone want to forward it to them? :-)

0
0

Not that useful

"Theriault concludes that if users even think their login credentials might have been compromised they ought to change their login credentials"

On which, of the many hundreds of forums and businesses I've used that email, should I change the password? Given that, in keeping with best practice, they're all unique.

Without that information it's *useless*. There's a huge difference between some old forum login I've forgotten about getting leaked and a bank account.

1
0
Joke

Does the website...

...also tell you if certain vulture mascotted IT news websites have inadvertently emailed your details to other people?

0
0

eek

My work one was on the list. I think it's from when Bethesda got hacked but gonna change pass again just in case....

0
0
Anonymous Coward

Of course if I'd listened to the scaremongering here

then all my details including my PSN details would be here.

Of course reality is somewhat different..

I wonder if all those El-Reg details are included on that list?

0
0
Bronze badge
FAIL

Unbelievable!

"Users enter a username or email address into the site’s search box to find out if their username has appeared in any recent public data dumps. Users are not prompted to enter their password itself."

So this website now has your email address as a result of your search, but not your password.

So what information do spammers use to send you spam?

0
10
Thumb Down

Read on past the first paragraph...

"Data entered is not stored, re-used, or given to any third parties," the terms and conditions of the site explain. Tech savvy users can submit a SHA-512 hash of their email address or username as input instead of the plaintext version.

3
0
Anonymous Coward

"Data entered is not stored, re-used, or given to any third parties,"

And if you'll trust another company who makes that statement, I've got a bridge you might be interested in. And the phone number of a deposed Nigerian prince with TWENTY MILLION UNITED STATES DOLLARS to give away.

0
0
Stop

But, in part, true...

Think about how many people are now looking for a 'how to convert plain text into SHA-512 hash' website. How would you know that one is legit, the other is not?

Hm...

0
1

Isn't that what they all say?

0
0

Don't read, or don't understand?

You are replying to a post that mentions the SHA 512 hash option, which appears in the first paragraph on the web site. Did you not read down that far in either of these, or do you think that the hash is personally-identifying or has some other value to a third party?

1
0
Black Helicopters

Very high risk indeed

It could so easily be a highly sophisticated honeytrap where it gets my IP and my email address and by matching them together with the already public information in their database it would allow them to ....

... er ...

... send me email?

1
0
Trollface

Seems legit...whistles.

0
1

So...

...I'm expected to go to this site and enter my email address? I think not. ;)

0
1
Bronze badge
FAIL

If you were tech-savvy...

...you could enter the SHA512 hash of your email address. But if you're not, why are you even here?

http://www.slavasoft.com/hashcalc/

0
0
Happy

Again, and I got downvoted for this already...

Who's to tell me that this is legit, in comparison to another website that asks you to enter your email address 'and we will check for you if your address appears on any other list'.

Are you?

Go ahead, downvote as much as you want.

But, this is a bit like that big red button that says 'do not push'... You kinda want to enter your email address, don't you? ;-)

0
0
Anonymous Coward

ha ha

10 year old email address not pwned

Lovely jubbly

0
0

All well and good until THEY get hacked...

...and the paradox causes the internet to collapse in on itself.

0
3
Go

They do explain...

that they don't store any of the actual data. They only calculate the hashes and then discard the data, to help guard against exactly such an eventuality.

0
0

Oh dear...

My email address of 12 years is on the list, but I've used that to sign up for just about everything over that time. So the email address could be on there for any number of reasons.

It has a unique 16 character random password that I created about a year ago, so should be safe. If not, tough; I really cannot be bothered to create a new one and update every password manager on all my machines again just to be sure.

Damn I wish I hadn't checked that site now!

0
0
Silver badge
Joke

Nigerian version?

Enter your email address + password + bank account number + pin number + inside leg measurement...

0
0

Hmmmm......

I entered a couple of pwned e-mail addresses from members of my Freecycle group I am getting SPAMmed from regularly and they came up as clean. I guess 5 million isn't enough.

0
0
Trollface

One day I will create a site like this where they are asked to submit an e-mail and password, and have it direct to a page that just says "Yes."

0
0
Anonymous Coward

"encouraging users to hand over even part of their login credentials to supposed security checking sites is not necessarily a good thing, Carole Theriault of Sophos notes"

Isn't that the reason why part of your credentials is public and part is private? What am I missing?

0
0