Have You Been Pwned?

Tuesday, January 21, 2014 - 01:35 PM

It's has simply become a fact of life now that personal information is going to be compromised by hackers. Both private and public entities are routinely having information stolen because they are either unable or unwilling to properly inoculate against these kinds of attacks. So if you can't rely on third parties to safeguard your data, there should at least be a way to know if it has fallen into the hands of hackers. Now there is.

Have I been pwned is a website that keeps track of all the public releases of user data, and allows you to check your email address against the information that's out there. For me, it was immediately helpful - it told me that I had, in fact, been pwned when Gawker's user account system was hacked a few years ago.

Of course, this website is limited to account data that has been posted publicly. Things like last month's Target hack will not show up here, because that information has not popped up on torrent sites or PasteBin like the Gawker hack did. But sites like this could be a template for companies to roll out a similar system in the future.

Another useful feature I could see being built into a site like this would be some kind of pwnage gradation system, which would let you know just how much or what kind of information about you is floating around out there. But still, this a nice start. Now if you'll excuse me, I have to go change all my passwords.

(h/t Chris[p] Neary)

Tags:

More in:

Comments [1]

Tim Farley from Atlanta, Georgia

There are two other services online, both of which predate the one you describe and may therefore have larger databases on them. One is called PwnedList (https://pwnedlist.com) and the other has the quite descriptive name Should I Change My Password? (https://shouldichangemypassword.com).

I recommend using services like these that let you enter your email address, but I would shy away from any web page you may find that wants you to enter your password to test it - those can sometimes be thinly disguised phishing attempts.

Jan. 21 2014 03:31 PM

Leave a Comment

Register for your own account so you can vote on comments, save your favorites, and more. Learn more.
Please stay on topic, be civil, and be brief.
Email addresses are never displayed, but they are required to confirm your comments. Names are displayed with all comments. We reserve the right to edit any comments posted on this site. Please read the Comment Guidelines before posting. By leaving a comment, you agree to New York Public Radio's Privacy Policy and Terms Of Use.

Supported by

 

Embed the TLDR podcast player

TLDR is a short podcast and blog about the internet by PJ Vogt and Alex Goldman. You can subscribe to our podcast here. You can follow our blog here. We’re also on Twitter, and we play Team Fortress 2 more or less constantly, so find us there if you like to communicate via computer games from six years ago.

Subscribe to Podcast iTunes RSS

Feeds