A website called pwnedlist.com provides internauts the answer to the age-old question “Was my account hacked?”. The recently inaugurated page compares usernames or email addresses to a collection of close to 5 million records that were leaked online by hackers.
“We wanted to create a simple one-click service to help the public verify if their accounts have been compromised as a part of a corporate data breach, a malicious piece of software sneaking around on their computers, or any other form of security compromise,” reads a presentation on the site.
The service was founded by Alen Puzic, a security researcher who works for TippingPoint DVLabs, a division of HP. In his noble quest he is aided by a colleague, Jasiel Spelman.
The site itself is very easy to use. All a user needs to do to learn if he was pwned
or not is to enter the address or the ID of the account he suspects of being hacked and he will quickly be provided with an answer.
The main page is topped by a counter which reveals the number of emails and usernames discovered, the figures showing that at the time of this post 4,981,012 credentials were held.
Since they're the good guys, they don't plan on revealing any of the sensitive data they possess and also, you can rest assured that they won't give the email address you provide to any shady marketers that might abuse it.
In an interview given to Threat Post
, Puzic said they were planing to add credit cards and phone numbers to the collection so users can check those also.
As it turns out, the database is growing at a rate of 50,000 accounts each week, so even if this week you're safe, you can check back after a while to see if you're still in the same position.
“I would recommend to folks to check their emails on pwnedlist on a monthly basis. Then when we add automated alerts they can setup notifications for all of their accounts and we'll send them an email if we ever come accross an account of theirs,” Puzic revealed.