Friday, 24 June 2011 11:54

Has your email been hacked?

By

Sydneysider Daniel Grzelak has put together an online database of compromised email accounts, easily searchable, to let end-users type in their email addresses to see whether they come up on the list of hacked email addresses - or not.

With so many email accounts and other personal details having leaked due to intense hacker activity, Sydneysider Daniel Grzelak has decided to put together a website letting people see whether their email addresses appear on the lists of hacked information.

Mr Grzelak's site is called 'Should I change my password?' and claims not to have anyone's password listed on the site, nor to store anyone's email address, but simply exists as a mechanism to let people see if their email address (and whatever password was used for that address on blogs or other sites) is known to the various hacker collectives.

I tried typing in one of my addresses, which came up, and another, which did not, and looking at the sources Mr Grzelak used, I was reminded that one of my email addresses was breached in the Gawker attack.

Thankfully I didn't use any of my important passwords when I signed up to Gawker, but as many, many people seem to use the exact same password for all their online activities, Mr Grzelak's site is yet another ear-piercing wake-up call to everyone to never use the same password twice.

In the 'About' section of Mr Grzelak's site, he notes that: 'LulzSec and other groups have been hacking an assortment of prominent organisations. For good or for bad, they have also been publishing their databases, which typically include emails and passwords. Given that most people re-use their passwords, this site allows the average person to check if their password(s) may have been compromised and need to be changed.'

As Mr Gzelak reminds us all: 'Note that no passwords are stored in this database', along with another 'privacy note' stating: 'The email you enter will NOT be stored, transmitted, or otherwise used beyond this check by me or this website.'

He also lists his Twitter address @dagrz for anyone that might have 'questions or concerns', where he also lists his Facebook page for people to post 'war stories and suggestions'.

In Mr Grzelak's 'FAQ' section, he poses some questions and answers. In answer to the question 'Is this a phishing site and why should I trust it?', the answer is listed as: 'This is not a phishing site and has been vetted by a number of trustworthy individuals and organisations (see media). As the author I am also providing my contact details so you can contact me and make the decision for yourself.'

More details on page two, please read on!


The Q&A on Mr Grzelak's site continues.

The next question is: 'My email came back clean, does that mean my passwords weren't stolen?'.

The answer is: 'No. Unfortunately it only means that they weren't stolen and published as part of high profile breaches listed here. If you don't already do so, it's good practice to change passwords regularly just in case.'

Following that is the question: 'Do you store or re-use email addresses?', with the answer being 'Absolutely not. The email is used in a single database query.'

In answer to the question 'What data is stored?', we're told that: 'The following information is kept about any email published by a hacker group: email, date of last compromise, number of times compromised.'

Next up is the question: 'Can I get the compromised password(s)?', with the answer being: 'Not from this website. You can use the last compromised date to cross-reference against the source and download the relevant database yourself. No passwords are stored in this system.'

In answer to: 'Can't hackers use the site to farm email addresses for spam?', we're told: 'They can, however the complete data is freely available via torrents and other websites, and includes other information such as full names and passwords. Using this site would just be inefficient as emails would have to be brute forced and retrieved one by one.'

For those wondering: 'Isn't the site a big target for hackers?', we learn that: 'Maybe for the "lulz" or notoriety but not for the data. The complete datasets are available elsewhere and hopefully potential hackers will see the good in having a site like this available to the general public.'

For those wishing to know 'How often do you update the database?', the answer is: 'Whenever a new password database is made public. If you know of a new database that has been published and isn't listed here, please let me know on Twitter.'

The last question is 'How big is the database?', and the last answer is: 'As of June 19th 2011 there are just under 800,000 records in the database but the intention is to keep updating in perpetuity.'

So'¦ please change your passwords, and never use the same password twice!

 


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Alex Zaharov-Reutt

Alex Zaharov-Reutt is iTWire's Technology Editor is one of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows. Visit Alex at Twitter here.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments