Myce.com Latest Updates

‘PwnedList’ website lets users check if their online accounts are safe

Posted at 03 November 2011 13:00 CEST by Justin_Massoud

A cyber attack on Sony’s online PlayStation Network in April put the personal information of more than 70 million people at risk. Email addresses, passwords and even credit card information tied to PSN accounts were dubbed compromised.

I was one of those 70 million – a PlayStation 3 owner who played online. I even linked my Facebook account with my PSN ID so friends would know which game I was currently nerding out on.

Sony’s advice in light of the data breach was simple: customers with online PSN accounts should change any passwords stored on their consoles. I did just that, going one step further by severing the Facebook sharing feature altogether.

However, I wondered if somehow my compromised data had still been leaked. Were my username and former password floating around the Internet, possibly tucked away in an info dump along with the usernames and passwords of countless other ignorant victims?

According to PwnedList, which boasts a database of nearly five million leaked email addresses and usernames, I’m in the clear – sort of.

PwnedList’s bait is tempting (if familiar): insert a username and/or email address into the site’s search bar, hit “check” and find out if you need to get busy changing passwords.

Reading through its numerous guarantees to ensure I wasn’t setting myself up to be the victim of an elaborate phishing expedition and then noting a nod of approval from blogger/cyber security evangelist Brian Krebs, I bit.

Inserting a well-worn email username typically reserved for myriad Internet services and company offers, I received a disheartening message. The username turned up in their voluminous database, though hasn’t been seen since last December. So, that’s a silver lining. And when I typed in the full email address, it turned up no hits. More importantly, my dedicated work email remains un-pwned.

PwnedList operators Alen Puzic and Jasiel Spelman revealed that the site began as a simple experiment to see how many compromised accounts they could locate. When the pair found 30,000 usernames and passwords in two hours, they decided to go all out.

Puzic and Spelman insist PwnedList is safe from hackers looking to loot the veritable treasure trove of compromised information.

“The way our database system is architectured it would be impossible for anyone to dump data from it,” reads the site’s FAQ section. “In our key-value pair database data can only be extracted if you know the key, in this case the hash of the username or email address. An attacker wanting to extract data from our database would have to know the hashes of all data stored in it.”

In other words, hackers would need to know what they were looking for to find it. And if that’s the case, you’re already on the PwnedList.

Let us know if you’re on the PwnedList in the comment section.

Click for more news

game consolespiracysoftware

Click to share

There are 10 comments

debro
Blown to smitherines
Posted on: 04 Nov 11 12:57
    Nope, to both username and email address
    For now ...
    olyteddy
    Senior Moderator
    Posted on: 04 Nov 11 17:11
      Quote:
      Originally Posted by debro
      Nope, to both username and email address
      For now ...
      BUT...Just wait until 'PwnedList' sells the info you entered....
      debro
      Blown to smitherines
      Posted on: 05 Nov 11 01:39
        Quote:
        Originally Posted by olyteddy
        BUT...Just wait until 'PwnedList' sells the info you entered....
        Not much comes from a username - I don't think I've ever used it at any other site.
        The email ... well, my ISP has a pretty decent commercial spam filter applied to all accounts, and I've been considering moving to Gmail anyway .... it gives me less interruption when I change ISP's, which I tend to NOT do often, even when bigger better deals comes along. Usually a few months later, my ISP catches up .. and I'm not a heavy down loader anyway.

        And yes, you're right, they probably are busy collecting as many compromised account information as possible .. probably to sell it
        Justin_Massoud
        MyCE Senior Member
        Posted on: 05 Nov 11 17:12
          Quote:
          Originally Posted by olyteddy
          BUT...Just wait until 'PwnedList' sells the info you entered....
          The site specifies it doesn't store info. I guess no one has to believe that, though. The guys who created it are also professional security researchers.
          pythonis
          MyCE Senior Member
          Posted on: 05 Nov 11 19:47
            pwned? what is that? pawned? pwinned? pwinnied? typo for "owned"?
            Mr. Belvedere
            MyCE Resident
            Posted on: 06 Nov 11 19:19
              Quote:
              Originally Posted by pythonis
              pwned? what is that? pawned? pwinned? pwinnied? typo for "owned"?
              http://en.wikipedia.org/wiki/Pwn
              pythonis
              MyCE Senior Member
              Posted on: 06 Nov 11 19:27
                Oh my God that is dumb
                Mr. Belvedere
                MyCE Resident
                Posted on: 07 Nov 11 09:46
                  Quote:
                  Originally Posted by pythonis
                  Oh my God that is dumb
                  Well duh. Most memes, internet or not, are pretty dumb. Most figure of speech is quite dumb as well.

                  Doesn't mean it's not honest simple fun though, because pwning someone is also kinda cool sometimes.
                  pythonis
                  MyCE Senior Member
                  Posted on: 07 Nov 11 10:11
                    Quote:
                    Originally Posted by Mr. Belvedere
                    Well duh. Most memes, internet or not, are pretty dumb. Most figure of speech is quite dumb as well.

                    Doesn't mean it's not honest simple fun though, because pwning someone is also kinda cool sometimes.
                    pwinning.....whatever it is. I stopped reading the definition once it said its slang. I choose not to know. Gnarly, swell, rad....now THOSE were slang terms.
                    Mr. Belvedere
                    MyCE Resident
                    Posted on: 07 Nov 11 15:52
                      Quote:
                      Originally Posted by pythonis
                      pwinning.....whatever it is. I stopped reading the definition once it said its slang. I choose not to know. Gnarly, swell, rad....now THOSE were slang terms.
                      Get off my lawn grandpa.

                      Post your comment

                      You need to register before you can comment

                      Like us

                      Most popular headlines

                      Austrian ISPs forced to block The Piratebay and two other pirate sites

                      Four internet providers (ISPs) in Austria have to block three websites distribut...

                      'Apple deliberately slows down iPhones before a new release'

                      An Harvard University PhD student suspects that Apple might deliberately slow do...

                      All USB devices vulnerable to serious security issue - no fix

                      German security researchers today announced they found a serious vulne...

                      Chinese Microsoft offices raided by Chinese government

                      The Chinese government raided Microsoft offices in four cities in the country to...

                      Report: Majority of data loss caused by failing HDD

                      Crashed hard disks are the responsible for the majority of data loss, according ...

                      See all headlines
                      Follow Myce.com