Earlier this month, security researchers revealed the massive Heartbleed bug, a security flaw that affected an estimated 66 percent of the entire internet at the time of its discovery. The flaw may have exposed usernames and passwords on a number of popular websites. Big companies were quick to address the bug, but it was discovered recently that Heartbleed was around for years before companies started patching it earlier this month.
Forbes contributor Adam Tanner recently put together a simple piece listing three websites that will inform users of whether or not their accounts have been hacked.
The first is haveibeenpwned.com and as the name might suggest, it serves a single purpose: it tells you if any of your online accounts have been “pwned,” or breached by hackers. Using the site takes just a few seconds — simply enter an email address and the site will check to see if associated accounts have been compromised in any one of thousands of known breaches.
Two other services listed by Forbes, PwnedList and shouldichangemypassword.com, work the same way but may have access to slightly different data, so it’s not a bad idea to use all three free sites.
These sites may see more traffic in coming weeks if the Heartbleed security flaw leads to a whole new series of hacked sites, as many experts forecast.
“If this issue isn’t fixed immediately at all companies (which it won’t be), then we can expect to see a large number of breaches and leaks enabled by this vulnerability,” said Steve Thomas, the co-founder of PwnedList.
“We are preparing our database for a rapid increase in the number of compromised credentials, which Heartbleed will certainly contribute to.”
PwnedList makes its money by alerting corporate clients to hacking attacks, which in many cases affect not the firms themselves but their outside vendors.
It catches wind of new breaches by hanging around Internet hacker sites. “Once we join those we get access to everything that is getting passed around,” says Thomas. “Primary hackers will say ‘I just broke into XYZ company, here is their user list.’” Sometimes hackers broadcast their accomplishments on Twitter, but some of the break-ins they boast about have not actually occurred.
He estimates that PwnedList learns of about a dozen different data leaks every day, with 100,000 to 500,000 compromised credentials.
The site haveibeenpwned.com, set up late in 2013, is the pet project of Troy Hunt, an Australian who works as an architect at a large company by day. He concentrates on the larger data breaches, and adds one to two different data sets a week to his site. “It is a bit of a laborious process,” he said. “It doesn’t make any money. I guess it is a hobby and public service.”
Source: BGR