Have You Been Pwned?

Tuesday, January 21, 2014 - 01:35 PM

It's has simply become a fact of life now that personal information is going to be compromised by hackers. Both private and public entities are routinely having information stolen because they are either unable or unwilling to properly inoculate against these kinds of attacks. So if you can't rely on third parties to safeguard your data, there should at least be a way to know if it has fallen into the hands of hackers. Now there is.

Have I been pwned is a website that keeps track of all the public releases of user data, and allows you to check your email address against the information that's out there. For me, it was immediately helpful - it told me that I had, in fact, been pwned when Gawker's user account system was hacked a few years ago.

Of course, this website is limited to account data that has been posted publicly. Things like last month's Target hack will not show up here, because that information has not popped up on torrent sites or PasteBin like the Gawker hack did. But sites like this could be a template for companies to roll out a similar system in the future.

Another useful feature I could see being built into a site like this would be some kind of pwnage gradation system, which would let you know just how much or what kind of information about you is floating around out there. But still, this a nice start. Now if you'll excuse me, I have to go change all my passwords.

(h/t Chris[p] Neary)


More in:

Comments [1]

Tim Farley from Atlanta, Georgia

There are two other services online, both of which predate the one you describe and may therefore have larger databases on them. One is called PwnedList (https://pwnedlist.com) and the other has the quite descriptive name Should I Change My Password? (https://shouldichangemypassword.com).

I recommend using services like these that let you enter your email address, but I would shy away from any web page you may find that wants you to enter your password to test it - those can sometimes be thinly disguised phishing attempts.

Jan. 21 2014 03:31 PM

Leave a Comment

Email addresses are required but never displayed.

Supported by

Embed the TLDR podcast player

TLDR is a short podcast and blog about the internet by Meredith Haggerty. You can subscribe to the TLDR podcast here. You can follow our blog here. I tweet @manymanywords and @tldr.

Subscribe to Podcast iTunes RSS