Yesterday Robert Lemos, writing for Dark Reading, wrote an interesting article regarding an anti-phishing/anti-theft monitoring website known as Pwned List. I thought it may be of some interest to my own readers.
The Lemos article entitled, “Leaked Account Notification May Be Worth the Warning,” describes the advent of a database which can be used to monitor accounts and determine whether or not an account has been compromised. Similarly, you can enter in your own email address to determine if there are any matches to known compiled data.
The Austin-based site PwnedList gets their data from companies that believe they’ve been compromised as well as from public dumping spots attackers use to expose their victims (such as Pastebin). This means that data gathered from such sites are usually accurate. For more information on how their data is collected, read this.
A few years back, a company I was dealing with had their security compromised. Customer usernames, hashed passwords and subscriber credit card information was stolen. Thankfully I was warned of the breach and changed my sensitive information accordingly. Accurately, PwnedList was able to note that particular compromise as well as give the time and date that the data was dumped online.
You should know that PwnedList does not save any leaked data once it has been analyzed and entered into their database. Nor can they determine the type or method of the exact breach (in most cases such data has long since been removed from the initial sites used as dumping grounds). But it can be used to help you determine if any of your accounts were compromised. From there you can determine what changes need to be made to safeguard your data.
You can follow PwnedList on Twitter for more news and updates.
With social engineering threats on the rise (such as those found in the Neuralhub entitled, “DNS Threats and Security Solutions,”) and SQL Injections being used by attackers regularly, you owe it to yourself to either setup PwnedList monitoring on your accounts or at least check their database routinely.
Be sure to check out my Neuralhub post entitled, “Computer Security Resources,” for other links to security solutions.
News Sources
“Leaked Account Notification May Be Worth The Warning.” Lemos, Robert. Dark Reading, October 1, 2012.