Do you, at times, wonder whether your accounts have been compromised? If the answer is yes, you can now verify your doubt by using a service appropriately called PwnedList (Pwn is a jargon used by hackers to imply that an account has been compromised).
It was developed by two security researchers – Alen Puzic and Jasiel Spelman, of DVLabs. They explain the birth of PwnedList as:
The site started out as small research project with a rather simple premise. To discover how many compromised accounts can be harvested programatically in just a couple of hours. Well, needless to say, the results were astonishing. In just under 2 hours we had close to 30,000 accounts, complete with logins and passwords. The truly scary part, however, was the quality of data we were able to collect in such a short amount of time. The accounts we were able to retrieve consisted of email services, social media sites, merchants and even financial institutions. It was clear that something had to be done.
At that moment PwnedList was born. We wanted to create a simple one-click service to help the public verify if their accounts have been compromised as a part of a corporate data breach, a malicious piece of software sneaking around on their computers, or any other form of security compromise.
All you have to do is head to PwnedList.com and enter your email id or username in the text box and click Check. The data is then compared with SHA-512 hashes of harvested account dumps stored as key value pairs. The site says that the entered data is used only once for the search and is not stored. Still, if you don’t want to enter your username/email, you can use the SHA-512 hash of your email (or username) instead.
So, what if your email or username is identified in their database? Immediately change their passwords as well as passwords of your other accounts just to be on the safe side. See my article, The Layman’s Guide to Computer Security for tips on creating a strong password.