Has your account been pwned? New website will tell you

Security researchers have set up a website that allows punters to check whether or not their email addresses have appeared in data dumps slurped from compromised databases. Hacking attacks on sites including Gawker and the network of Sony's gaming division have led on to the publication of hundreds of thousands of users' …

COMMENTS

This topic is closed for new posts.
  1. Platelet
    Happy

    Nice

    Does it include the 46,524 recently dumped by El Reg?

    1. Anonymous Coward

      Seemingly not...

      Someone want to forward it to them? :-)

  2. TonyHoyle

    Not that useful

    "Theriault concludes that if users even think their login credentials might have been compromised they ought to change their login credentials"

    On which, of the many hundreds of forums and businesses I've used that email, should I change the password? Given that, in keeping with best practice, they're all unique.

    Without that information it's *useless*. There's a huge difference between some old forum login I've forgotten about getting leaked and a bank account.

  3. craigj
    Joke

    Does the website...

    ...also tell you if certain vulture mascotted IT news websites have inadvertently emailed your details to other people?

  4. Anonymous Coward

    Of course if I'd listened to the scaremongering here

    then all my details including my PSN details would be here.

    Of course reality is somewhat different..

    I wonder if all those El-Reg details are included on that list?

  5. Citizen Kaned

    eek

    My work one was on the list. I think it's from when Bethesda got hacked but gonna change pass again just in case....

  6. Anonymous IV
    FAIL

    Unbelievable!

    "Users enter a username or email address into the site’s search box to find out if their username has appeared in any recent public data dumps. Users are not prompted to enter their password itself."

    So this website now has your email address as a result of your search, but not your password.

    So what information do spammers use to send you spam?

    1. __PB__
      Thumb Down

      Read on past the first paragraph...

      "Data entered is not stored, re-used, or given to any third parties," the terms and conditions of the site explain. Tech savvy users can submit a SHA-512 hash of their email address or username as input instead of the plaintext version.

      1. Anonymous Coward

        "Data entered is not stored, re-used, or given to any third parties,"

        And if you'll trust another company who makes that statement, I've got a bridge you might be interested in. And the phone number of a deposed Nigerian prince with TWENTY MILLION UNITED STATES DOLLARS to give away.

        1. ARaybould

          Don't read, or don't understand?

          You are replying to a post that mentions the SHA 512 hash option, which appears in the first paragraph on the web site. Did you not read down that far in either of these, or do you think that the hash is personally-identifying or has some other value to a third party?

        2. Eddie Edwards
          Black Helicopters

          Very high risk indeed

          It could so easily be a highly sophisticated honeytrap where it gets my IP and my email address and by matching them together with the already public information in their database it would allow them to ....

          ... er ...

          ... send me email?

      2. TheRealRoland
        Stop

        But, in part, true...

        Think about how many people are now looking for a 'how to convert plain text into SHA-512 hash' website. How would you know that one is legit, the other is not?

        Hm...

      3. Daniel Evans

        Isn't that what they all say?

  7. Dick Emery
    Trollface

    Seems legit...whistles.

  8. Anonymous Coward

    So...

    ...I'm expected to go to this site and enter my email address? I think not. ;)

    1. This post has been deleted by its author

      1. TheRealRoland
        Happy

        Again, and I got downvoted for this already...

        Who's to tell me that this is legit, in comparison to another website that asks you to enter your email address 'and we will check for you if your address appears on any other list'.

        Are you?

        Go ahead, downvote as much as you want.

        But, this is a bit like that big red button that says 'do not push'... You kinda want to enter your email address, don't you? ;-)

  9. Anonymous Coward

    ha ha

    10 year old email address not pwned

    Lovely jubbly

  10. Studley

    All well and good until THEY get hacked...

    ...and the paradox causes the internet to collapse in on itself.

    1. Anonymous Coward
      Go

      They do explain...

      that they don't store any of the actual data. They only calculate the hashes and then discard the data, to help guard against exactly such an eventuality.

  11. Connor

    Oh dear...

    My email address of 12 years is on the list, but I've used that to sign up for just about everything over that time. So the email address could be on there for any number of reasons.

    It has a unique 16 character random password that I created about a year ago, so should be safe. If not, tough; I really cannot be bothered to create a new one and update every password manager on all my machines again just to be sure.

    Damn I wish I hadn't checked that site now!

  12. Winkypop Silver badge
    Joke

    Nigerian version?

    Enter your email address + password + bank account number + pin number + inside leg measurement...

  13. Nick Pettefar

    Hmmmm......

    I entered a couple of pwned e-mail addresses from members of my Freecycle group I am getting SPAMmed from regularly and they came up as clean. I guess 5 million isn't enough.

  14. LoopyChew
    Trollface

    One day I will create a site like this where they are asked to submit an e-mail and password, and have it direct to a page that just says "Yes."

  15. Anonymous Coward

    "encouraging users to hand over even part of their login credentials to supposed security checking sites is not necessarily a good thing, Carole Theriault of Sophos notes"

    Isn't that the reason why part of your credentials is public and part is private? What am I missing?
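
The SHA-512 option debated in the thread above, as an added example that is not the site's own code: the digest is computed locally with Python's standard library, so no online converter is involved, and the lookup runs against a hypothetical digest-only index. The normalisation (trim, lower-case), the hex encoding, and the names `DumpIndex` and `link_digest` are assumptions made for illustration.

```python
import hashlib

HEX = set("0123456789abcdef")

def normalise(identifier: str) -> str:
    # Assumption: trimmed, lower-cased UTF-8 is what gets hashed.
    return identifier.strip().lower()

def sha512_hex(identifier: str) -> str:
    """Digest computed locally, so the plaintext never leaves the machine."""
    return hashlib.sha512(normalise(identifier).encode("utf-8")).hexdigest()

class DumpIndex:
    """Hypothetical service side: keeps digests of leaked identifiers only."""

    def __init__(self, leaked_identifiers):
        self._digests = {sha512_hex(i) for i in leaked_identifiers}

    def contains(self, digest_hex: str) -> bool:
        digest = digest_hex.strip().lower()
        if len(digest) != 128 or not set(digest) <= HEX:
            raise ValueError("expected 128 hex characters (SHA-512)")
        return digest in self._digests

def link_digest(digest_hex: str, known_identifiers):
    """An unsalted digest is a pseudonym: whoever already holds the
    identifier can recompute it and recognise the submission."""
    for candidate in known_identifiers:
        if sha512_hex(candidate) == digest_hex:
            return normalise(candidate)
    return None

# Constructed sample data (example.com addresses, not from any real dump).
LEAKED = ["alice@example.com", "bob@example.com"]

if __name__ == "__main__":
    index = DumpIndex(LEAKED)
    for query in ["  Alice@Example.COM ", "carol@example.com"]:
        digest = sha512_hex(query)
        print(query.strip(), digest[:16] + "...", index.contains(digest))
```

A match therefore tells the service nothing it did not already hold, while a miss leaves it with a digest it can only reverse by guessing the address.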
