Monday, January 21, 2013

Have your accounts been compromised? Find out.

What is PwnedList?

PwnedList is a tool that allows an average person to check if their online accounts have been compromised. The site started out as small research project with a rather simple premise. To discover how many compromised accounts can be harvested programatically in just a couple of hours. Well, needless to say, the results were astonishing. In just under 2 hours we had close to 30,000 accounts, complete with logins and passwords. The truly scary part, however, was the quality of data we were able to collect in such a short amount of time. The accounts we were able to retrieve consisted of email services, social media sites, merchants and even financial institutions. It was clear that something had to be done.
At that moment PwnedList was born. We wanted to create a simple one-click service to help the public verify if their accounts have been compromised as a part of a corporate data breach, a malicious piece of software sneaking around on their computers, or any other form of security compromise. The purpose of this project is hopefully to raise security awareness, encourage users to be more proactive about handling their personal security in cyberspace and at the same time help people monitor their accounts for potential compromises.

About us

PwnedList is a quickly growing startup service created by a group of security researchers from various industries. You can contact us through our contact page our reach out to us via Twitter @PwnedList.

Frequently Asked Questions

  • What does the word 'pwned' mean?
  • The word pwned comes from the hacker jargon 'pwn', meaning to compromise or control, specifically another computer (server or PC), web site, gateway device, or application. It is synonymous with one of the definitions of hacking or cracking. The past tense and past participle of 'pwn' is often spelled as 'pwned'. Hence the name PwnedList, meaning compromised list, or in our case a list of compromised accounts. Read more.
  • Is this a phishing site? How can I possibly trust you?
  • No, this is not a phishing site. PwnedList was started as a project by security researchers who wanted address the current state of web security and raise public awareness of data breaches that have become a daily occurrence. You can read more about us in our "About Us" section, featured above. Feel free to contact us if you have any questions or concerns.
  • Are the emails I enter stored on your servers?
  • Absolutely not. Any data you enter into the search box is used once and only once, for our database lookup. The data never leaves our server and is never stored in any form. Don't believe us? You don't have to. The query box on our front page also takes SHA-512 hashes are input. So you never have to type in cleartext data if you don't want to. Go ahead and use any widely available SHA-512 generator to hash your data and use it as input. Here's a couple to try: one and two. Or find your own.
  • Where does your data come from?
  • We have two principal sources of data. One is the manual collection of data from account dumps made by various hacker groups. Every week we spend a fair amount of time researching possible new security breaches and trying to collect any resulting data dumps. The other source is our automated harvesting system that is able to spider certain places on the internet, identify potential account dumps and import them into our database, all without human intervention. In fact, almost 40% of our data comes from automated harvesting.
  • How often do you update your database?
  • We update our database at least once every 24 hours. In addition to manually collecting any hacker data dumps we can get our hands on we have built advanced automated harvesters that download and process new data every 24 hours without any human intervention.
  • How many entries do you have in your database?
  • As of Jan 21st, 2013, we have 29,301,864 entries.
e-mail address & password combinations collected
2,118 credentials leaks collected
966,231,281 passwords collected
168,602,891 emails collected 
Use the largest database of stolen credentials to identify and secure vulnerable accounts before you become a victim of fraud.

Have your accounts been compromised? Find out.

PwnedList is a tool that allows an average person to check if their accounts have been compromised. You can read more about where our data comes from here. Just enter an email address associated with any of your accounts to see if it's on our list. Data entered is not stored, re-used, or given to any third parties. Don't trust us? You can also use a SHA-512 hash of your email as input. Just don't forget to lowercase all characters first.

No comments:

Post a Comment