14 DAY TRIAL // In case you’re concerned that your password might have been compromised in a cyberattack, you might want to give “Have I Been Pwned?” a try. The service, launched this week by security expert Troy Hunt, compares users’ email addresses to the ones leaked in major data breaches.
Troy came up with the idea to develop the website after checking to see if his accounts were included in the Adobe breach with a tool from LastPass.
Currently, “Have I Been Pwned?” is powered by a database of around 154 million records, namely the information leaked in the Adobe, Stratfor, Gawker, Yahoo and Sony hacks. Of course, most of them, around 152.4 million, come from the recent Adobe breach.
The service, which runs on Windows Azure, is very easy to use. You simply enter your email address and it almost instantly tells you if it has been compromised in one of the aforementioned attacks. The application shows the names of the companies and the circumstances in which their systems have been compromised.
Since such a database of credentials might be considered highly valuable by cybercriminals, “Have I Been Pwned?” doesn’t store any passwords.
“I’m not storing them. Nada. Zip. I just don’t need them and frankly, I don’t want the responsibility either. This is all about raising awareness of the breadth of breaches,” the expert noted.
It’s also worth noting that the service doesn’t work on Internet Explorer 8 for technical reasons.
In the future, Troy promises to extend the database of compromised accounts.
To learn more about the service, check out Troy Hunt’s blog. You can also check out how he developed the website. To see if your password has been pwned, check out haveibeenpwned.com.