2013 has seen a spate of hacking attacks on services, with millions of user emails and passwords stolen. The biggest theft was from Adobe, and last week we heard how over two million passwords had been stolen using malware.
Last week a new site called ‘Have I been pwned?’ was launched. It takes the stolen data that has been released publicly and simply lets you see whether your email address is in any of it. All you have to do is enter your email, and the site cross-references it with the stolen data and tells you which services, if any, have been hacked.
The data comes from 152,445,165 Adobe accounts, almost half a million Yahoo! accounts and more from Stratfor, Gawker, Pixel Federation and Sony. If Have I been pwned? finds your address in any of those lists, it will tell you and you can change your password.
We reached out to Troy Hunt, the creator of Have I been pwned?, to ask how users could be sure that he wasn’t using the site to create a huge list of email addresses that could be spammed in the future. Hunt says the site does not store any data from searches, and that we have to take his word for it. He points out the irony that most services make assurances about keeping user data safe, but can’t really guarantee that, as the many attacks this year have proven.
Hunt plans to add more data to his list as more hacks are made public.
This story again highlights the importance of having good passwords, and different passwords for each service. Have I been pwned? is a useful service, too. Adobe says it informed users who were victims of the hack this year, but as I found out, they didn’t inform me, despite my email address being in the list of hacked data from Adobe.