Friday, 24 June 2011 11:54

Has your email been hacked?


Sydneysider Daniel Grzelak has put together an online database of compromised email accounts, easily searchable, to let end-users type in their email addresses to see whether they come up on the list of hacked email addresses - or not.

With so many email accounts and other personal details having leaked due to intense hacker activity, Sydneysider Daniel Grzelak has decided to put together a website letting people see whether their email addresses appear on the lists of hacked information.

Mr Grzelak's site is called 'Should I change my password?' and claims not to have anyone's password listed on the site, nor to store anyone's email address, but simply exists as a mechanism to let people see if their email address (and whatever password was used for that address on blogs or other sites) is known to the various hacker collectives.

I tried typing in one of my addresses, which came up, and another, which did not, and looking at the sources Mr Grzelak used, I was reminded that one of my email addresses was breached in the Gawker attack.

Thankfully I didn't use any of my important passwords when I signed up to Gawker, but as many, many people seem to use the exact same password for all their online activities, Mr Grzelak's site is yet another ear-piercing wake-up call to everyone to never use the same password twice.

In the 'About' section of Mr Grzelak's site, he notes that: 'LulzSec and other groups have been hacking an assortment of prominent organisations. For good or for bad, they have also been publishing their databases, which typically include emails and passwords. Given that most people re-use their passwords, this site allows the average person to check if their password(s) may have been compromised and need to be changed.'

As Mr Grzelak reminds us all: 'Note that no passwords are stored in this database', along with another 'privacy note' stating: 'The email you enter will NOT be stored, transmitted, or otherwise used beyond this check by me or this website.'

He also lists his Twitter address @dagrz for anyone that might have 'questions or concerns', where he also lists his Facebook page for people to post 'war stories and suggestions'.

In Mr Grzelak's 'FAQ' section, he poses some questions and answers. In answer to the question 'Is this a phishing site and why should I trust it?', the answer is listed as: 'This is not a phishing site and has been vetted by a number of trustworthy individuals and organisations (see media). As the author I am also providing my contact details so you can contact me and make the decision for yourself.'


The Q&A on Mr Grzelak's site continues.

The next question is: 'My email came back clean, does that mean my passwords weren't stolen?'.

The answer is: 'No. Unfortunately it only means that they weren't stolen and published as part of high profile breaches listed here. If you don't already do so, it's good practice to change passwords regularly just in case.'

Following that is the question: 'Do you store or re-use email addresses?', with the answer being 'Absolutely not. The email is used in a single database query.'

In answer to the question 'What data is stored?', we're told that: 'The following information is kept about any email published by a hacker group: email, date of last compromise, number of times compromised.'

Next up is the question: 'Can I get the compromised password(s)?', with the answer being: 'Not from this website. You can use the last compromised date to cross-reference against the source and download the relevant database yourself. No passwords are stored in this system.'
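The storage model these FAQ answers describe (email, date of last compromise, number of times compromised, no passwords, and a single query per check) can be illustrated as follows. This is an added example, not code from Mr Grzelak's site; the SQLite table, the function names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Constructed sample dump rows: (email, password, date the dump was published).
SAMPLE_DUMP = [
    ("alice@example.com", "hunter2", "2010-12-12"),
    ("Alice@Example.com ", "letmein", "2011-06-16"),
    ("bob@example.org", "123456", "2011-06-02"),
]


def open_store(path=":memory:"):
    """Create the lookup table: one row per email, and no password column."""
    db = sqlite3.connect(path)
    db.execute(
        """CREATE TABLE IF NOT EXISTS compromised (
               email            TEXT PRIMARY KEY,
               last_compromised TEXT NOT NULL,   -- ISO date, sorts as text
               times            INTEGER NOT NULL)"""
    )
    return db


def normalise(email):
    """Trim and lowercase so one address maps to one row."""
    return email.strip().lower()


def ingest(db, rows):
    """Fold dump rows into the table; the password field is dropped here."""
    for email, _password, published in rows:
        db.execute(
            """INSERT INTO compromised (email, last_compromised, times)
               VALUES (?, ?, 1)
               ON CONFLICT(email) DO UPDATE SET
                   times = times + 1,
                   last_compromised = MAX(last_compromised, excluded.last_compromised)""",
            (normalise(email), published),
        )
    db.commit()


def check(db, email):
    """One parameterised SELECT; the queried address is never written back."""
    row = db.execute(
        "SELECT last_compromised, times FROM compromised WHERE email = ?",
        (normalise(email),),
    ).fetchone()
    return None if row is None else {"last_compromised": row[0], "times": row[1]}
```

A `None` result only means the address is absent from the ingested dumps, which matches the FAQ's caveat about a 'clean' result.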

In answer to: 'Can't hackers use the site to farm email addresses for spam?', we're told: 'They can, however the complete data is freely available via torrents and other websites, and includes other information such as full names and passwords. Using this site would just be inefficient as emails would have to be brute forced and retrieved one by one.'

For those wondering: 'Isn't the site a big target for hackers?', we learn that: 'Maybe for the "lulz" or notoriety but not for the data. The complete datasets are available elsewhere and hopefully potential hackers will see the good in having a site like this available to the general public.'

For those wishing to know 'How often do you update the database?', the answer is: 'Whenever a new password database is made public. If you know of a new database that has been published and isn't listed here, please let me know on Twitter.'

The last question is 'How big is the database?', and the last answer is: 'As of June 19th 2011 there are just under 800,000 records in the database but the intention is to keep updating in perpetuity.'

So… please change your passwords, and never use the same password twice!





Alex Zaharov-Reutt

One of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows.


