Friday, 24 June 2011 11:54

Has your email been hacked?


Sydneysider Daniel Grzelak has put together an online database of compromised email accounts, easily searchable, to let end-users type in their email addresses to see whether they come up on the list of hacked email addresses - or not.

With so many email accounts and other personal details having leaked due to intense hacker activity, Sydneysider Daniel Grzelak has decided to put together a website letting people see whether their email addresses appear on the lists of hacked information.

Mr Grzelak's site is called 'Should I change my password?' and claims not to have anyone's password listed on the site, nor to store anyone's email address, but simply exists as a mechanism to let people see if their email address (and whatever password was used for that address on blogs or other sites) is known to the various hacker collectives.

I tried typing in one of my addresses, which came up, and another, which did not, and looking at the sources Mr Grzelak used, I was reminded that one of my email addresses was breached in the Gawker attack.

Thankfully I didn't use any of my important passwords when I signed up to Gawker, but as many, many people seem to use the exact same password for all their online activities, Mr Grzelak's site is yet another ear-piercing wake-up call to everyone to never use the same password twice.

In the 'About' section of Mr Grzelak's site, he notes that: 'LulzSec and other groups have been hacking an assortment of prominent organisations. For good or for bad, they have also been publishing their databases, which typically include emails and passwords. Given that most people re-use their passwords, this site allows the average person to check if their password(s) may have been compromised and need to be changed.'

As Mr Grzelak reminds us all: 'Note that no passwords are stored in this database', along with another 'privacy note' stating: 'The email you enter will NOT be stored, transmitted, or otherwise used beyond this check by me or this website.'

He also lists his Twitter address @dagrz for anyone that might have 'questions or concerns', where he also lists his Facebook page for people to post 'war stories and suggestions'.

In Mr Grzelak's 'FAQ' section, he poses some questions and answers. In answer to the question 'Is this a phishing site and why should I trust it?', the answer is listed as: 'This is not a phishing site and has been vetted by a number of trustworthy individuals and organisations (see media). As the author I am also providing my contact details so you can contact me and make the decision for yourself.'


The Q&A on Mr Grzelak's site continues.

The next question is: 'My email came back clean, does that mean my passwords weren't stolen?'.

The answer is: 'No. Unfortunately it only means that they weren't stolen and published as part of high profile breaches listed here. If you don't already do so, it's good practice to change passwords regularly just in case.'

Following that is the question: 'Do you store or re-use email addresses?', with the answer being 'Absolutely not. The email is used in a single database query.'

In answer to the question 'What data is stored?', we're told that: 'The following information is kept about any email published by a hacker group: email, date of last compromise, number of times compromised.'

Next up is the question: 'Can I get the compromised password(s)?', with the answer being: 'Not from this website. You can use the last compromised date to cross-reference against the source and download the relevant database yourself. No passwords are stored in this system.'
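The design those answers describe can be sketched in a few lines. This is an added illustration, not code from Mr Grzelak's site: the 'email:password' dump format, the lower-casing of addresses, the table name and the sample records are all assumptions made for the example. Passwords are discarded at ingest, only the three listed fields are kept, and a check is one parameterised query that writes nothing.

```python
import sqlite3

# Constructed sample dumps (not real data): (source, publication date, lines).
# The "email:password" line format is an assumption for this sketch.
SAMPLE_DUMPS = [
    ("dump-a", "2010-12-12", ["Alice@Example.com:hunter2", "bob@example.org:letmein"]),
    ("dump-b", "2011-06-16", ["alice@example.com:qwerty", "malformed line",
                              "carol@example.net:123456"]),
]

def normalise(email):
    # Assumed normalisation so the same address matches across dumps.
    return email.strip().lower()

def build_db(dumps):
    db = sqlite3.connect(":memory:")
    # Only the three fields the FAQ lists; there is no password column at all.
    db.execute("CREATE TABLE compromised (email TEXT PRIMARY KEY, "
               "last_compromised TEXT NOT NULL, times INTEGER NOT NULL)")
    for _source, date, lines in dumps:
        for line in lines:
            email, sep, _password = line.partition(":")  # password dropped here
            email = normalise(email)
            if not sep or "@" not in email:
                continue  # skip records that do not parse
            cur = db.execute(
                "UPDATE compromised SET times = times + 1, "
                "last_compromised = max(last_compromised, ?) WHERE email = ?",
                (date, email))
            if cur.rowcount == 0:
                db.execute("INSERT INTO compromised VALUES (?, ?, 1)", (email, date))
    db.commit()
    return db

def check(db, email):
    # One read-only, parameterised query; the submitted address is never written.
    row = db.execute(
        "SELECT last_compromised, times FROM compromised WHERE email = ?",
        (normalise(email),)).fetchone()
    return None if row is None else {"last_compromised": row[0], "times": row[1]}

def stored_columns(db):
    return [r[1] for r in db.execute("PRAGMA table_info(compromised)")]

if __name__ == "__main__":
    db = build_db(SAMPLE_DUMPS)
    for addr in ("alice@example.com", "dave@example.com"):
        print(addr, check(db, addr))
```

A result of `None` only means the address is absent from the dumps that were loaded, which is the same caveat the site gives for a 'clean' result.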

In answer to: 'Can't hackers use the site to farm email addresses for spam?', we're told: 'They can, however the complete data is freely available via torrents and other websites, and includes other information such as full names and passwords. Using this site would just be inefficient as emails would have to be brute forced and retrieved one by one.'

For those wondering: 'Isn't the site a big target for hackers?', we learn that: 'Maybe for the "lulz" or notoriety but not for the data. The complete datasets are available elsewhere and hopefully potential hackers will see the good in having a site like this available to the general public.'

For those wishing to know 'How often do you update the database?', the answer is: 'Whenever a new password database is made public. If you know of a new database that has been published and isn't listed here, please let me know on Twitter.'

The last question is 'How big is the database?', and the last answer is: 'As of June 19th 2011 there are just under 800,000 records in the database but the intention is to keep updating in perpetuity.'

So… please change your passwords, and never use the same password twice!


Alex Zaharov-Reutt

One of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows.
