A website that tells users whether their email address appears in known data breaches has been launched.
Created by security blogger and Microsoft MVP Troy Hunt, haveibeenpwned.com consolidates data from five major breaches that was revealed publicly and was readily available via various sites on the web: Stratfor, Adobe, Gawker, Yahoo and Sony. Hunt said that collectively this amounts to 154 million accounts, most of them the 152 million-plus accounts breached from Adobe in October.
Hunt said that no passwords are stored “as the intention of the site is to map email addresses to data breaches and storing the passwords here would do nothing to achieve that end”. He also said that everything sits in Windows Azure table storage, which holds just the email address and the list of sites whose breaches it appeared in, and that nothing is logged.
“One of the things I noticed with the Adobe breach that I haven’t seen in previous cases was other companies notifying their users that their Adobe account had been breached. Not just one or two companies, but many of them,” he said.
“The point is that analysing breach data appears to be becoming mainstream. Arguably the sheer volume of the Adobe breach was the catalyst, but I do find it interesting how illegally obtained data now well and truly in the public domain is being used for constructive purposes. My hope is that HIBP can continue with that trend.”
Hunt confirmed that he plans to integrate other data from breaches in future “and make them quickly searchable by people who may have been impacted”. He said: “It’s a bit of an unfair game at the moment – attackers and others wishing to use data breaches for malicious purposes can very quickly obtain and analyse the data but your average consumer has no feasible way of pulling gigabytes of gzipped accounts from a torrent and discovering whether they’ve been compromised or not.
“Depending on how subsequent breaches pan out, there are a number of ways HIBP can help people deal with compromised accounts early rather than waiting until they’re potentially taken advantage of.”