Friday, 24 June 2011 11:54

Has your email been hacked?

By Alex Zaharov-Reutt

Sydneysider Daniel Grzelak has put together an online database of compromised email accounts, easily searchable, to let end-users type in their email addresses to see whether they come up on the list of hacked email addresses - or not.

With so many email accounts and other personal details having leaked due to intense hacker activity, Sydneysider Daniel Grzelak has decided to put together a website letting people see whether their email addresses appear on the lists of hacked information.

Mr Grzelak's site is called 'Should I change my password?' and claims not to have anyone's password listed on the site, nor to store anyone's email address, but simply exists as a mechanism to let people see if their email address (and whatever password was used for that address on blogs or other sites) is known to the various hacker collectives.

I tried typing in one of my addresses, which came up, and another, which did not, and looking at the sources Mr Grzelak used, I was reminded that one of my email addresses was breached in the Gawker attack.

Thankfully I didn't use any of my important passwords when I signed up to Gawker, but as many, many people seem to use the exact same password for all their online activities, Mr Grzelak's site is yet another ear-piercing wake-up call to everyone to never use the same password twice.

In the 'About' section of Mr Grzelak's site, he notes that: 'LulzSec and other groups have been hacking an assortment of prominent organisations. For good or for bad, they have also been publishing their databases, which typically include emails and passwords. Given that most people re-use their passwords, this site allows the average person to check if their password(s) may have been compromised and need to be changed.'

As Mr Grzelak reminds us all: 'Note that no passwords are stored in this database', along with another 'privacy note' stating: 'The email you enter will NOT be stored, transmitted, or otherwise used beyond this check by me or this website.'

He also lists his Twitter address @dagrz for anyone that might have 'questions or concerns', where he also lists his Facebook page for people to post 'war stories and suggestions'.

In Mr Grzelak's 'FAQ' section, he poses some questions and answers. In answer to the question 'Is this a phishing site and why should I trust it?', the answer is listed as: 'This is not a phishing site and has been vetted by a number of trustworthy individuals and organisations (see media). As the author I am also providing my contact details so you can contact me and make the decision for yourself.'


The Q&A on Mr Grzelak's site continues.

The next question is: 'My email came back clean, does that mean my passwords weren't stolen?'.

The answer is: 'No. Unfortunately it only means that they weren't stolen and published as part of high profile breaches listed here. If you don't already do so, it's good practice to change passwords regularly just in case.'

Following that is the question: 'Do you store or re-use email addresses?', with the answer being 'Absolutely not. The email is used in a single database query.'

In answer to the question 'What data is stored?', we're told that: 'The following information is kept about any email published by a hacker group: email, date of last compromise, number of times compromised.'

Next up is the question: 'Can I get the compromised password(s)?', with the answer being: 'Not from this website. You can use the last compromised date to cross-reference against the source and download the relevant database yourself. No passwords are stored in this system.'

In answer to: 'Can't hackers use the site to farm email addresses for spam?', we're told: 'They can, however the complete data is freely available via torrents and other websites, and includes other information such as full names and passwords. Using this site would just be inefficient as emails would have to be brute forced and retrieved one by one.'

For those wondering: 'Isn't the site a big target for hackers?', we learn that: 'Maybe for the "lulz" or notoriety but not for the data. The complete datasets are available elsewhere and hopefully potential hackers will see the good in having a site like this available to the general public.'

For those wishing to know 'How often do you update the database?', the answer is: 'Whenever a new password database is made public. If you know of a new database that has been published and isn't listed here, please let me know on Twitter.'

The last question is 'How big is the database?', and the last answer is: 'As of June 19th 2011 there are just under 800,000 records in the database but the intention is to keep updating in perpetuity.'

So... please change your passwords, and never use the same password twice!

 

Alex Zaharov-Reutt

Alex Zaharov-Reutt is iTWire's Technology Editor and one of Australia’s best-known technology journalists and consumer tech experts. Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows.
