‘PwnedList’ website lets users check if their online accounts are safe

A cyber attack on Sony’s online PlayStation Network in April put the personal information of more than 70 million people at risk. Email addresses, passwords and even credit card information tied to PSN accounts were dubbed compromised.

I was one of those 70 million – a PlayStation 3 owner who played online. I even linked my Facebook account with my PSN ID so friends would know which game I was currently nerding out on.

Sony’s advice in light of the data breach was simple: customers with online PSN accounts should change any passwords stored on their consoles. I did just that, going one step further by severing the Facebook sharing feature altogether.

However, I wondered if somehow my compromised data had still been leaked. Were my username and former password floating around the Internet, possibly tucked away in an info dump along with the usernames and passwords of countless other ignorant victims?

According to PwnedList, which boasts a database of nearly five million leaked email addresses and usernames, I’m in the clear – sort of.

PwnedList’s bait is tempting (if familiar): insert a username and/or email address into the site’s search bar, hit “check” and find out if you need to get busy changing passwords.

Reading through its numerous guarantees to ensure I wasn’t setting myself up to be the victim of an elaborate phishing expedition and then noting a nod of approval from blogger/cyber security evangelist Brian Krebs, I bit.

Inserting a well-worn email username typically reserved for myriad Internet services and company offers, I received a disheartening message. The username turned up in their voluminous database, though hasn’t been seen since last December. So, that’s a silver lining. And when I typed in the full email address, it turned up no hits. More importantly, my dedicated work email remains un-pwned.

PwnedList operators Alen Puzic and Jasiel Spelman revealed that the site began as a simple experiment to see how many compromised accounts they could locate. When the pair found 30,000 usernames and passwords in two hours, they decided to go all out.

Puzic and Spelman insist PwnedList is safe from hackers looking to loot the veritable treasure trove of compromised information.

“The way our database system is architectured it would be impossible for anyone to dump data from it,” reads the site’s FAQ section. “In our key-value pair database data can only be extracted if you know the key, in this case the hash of the username or email address. An attacker wanting to extract data from our database would have to know the hashes of all data stored in it.”

In other words, hackers would need to know what they were looking for to find it. And if that’s the case, you’re already on the PwnedList.

Let us know if you’re on the PwnedList in the comment section.