Myce.com Latest Updates

‘PwnedList’ website lets users check if their online accounts are safe

Posted 03 November 2011 13:00 CET by Justin_Massoud

A cyber attack on Sony’s online PlayStation Network in April put the personal information of more than 70 million people at risk. Email addresses, passwords and even credit card information tied to PSN accounts were dubbed compromised.

I was one of those 70 million – a PlayStation 3 owner who played online. I even linked my Facebook account with my PSN ID so friends would know which game I was currently nerding out on.

Sony’s advice in light of the data breach was simple: customers with online PSN accounts should change any passwords stored on their consoles. I did just that, going one step further by severing the Facebook sharing feature altogether.

However, I wondered if somehow my compromised data had still been leaked. Were my username and former password floating around the Internet, possibly tucked away in an info dump along with the usernames and passwords of countless other ignorant victims?

According to PwnedList, which boasts a database of nearly five million leaked email addresses and usernames, I’m in the clear – sort of.

PwnedList’s bait is tempting (if familiar): insert a username and/or email address into the site’s search bar, hit “check” and find out if you need to get busy changing passwords.

Reading through its numerous guarantees to ensure I wasn’t setting myself up to be the victim of an elaborate phishing expedition and then noting a nod of approval from blogger/cyber security evangelist Brian Krebs, I bit.

Inserting a well-worn email username typically reserved for myriad Internet services and company offers, I received a disheartening message. The username turned up in their voluminous database, though hasn’t been seen since last December. So, that’s a silver lining. And when I typed in the full email address, it turned up no hits. More importantly, my dedicated work email remains un-pwned.

PwnedList operators Alen Puzic and Jasiel Spelman revealed that the site began as a simple experiment to see how many compromised accounts they could locate. When the pair found 30,000 usernames and passwords in two hours, they decided to go all out.

Puzic and Spelman insist PwnedList is safe from hackers looking to loot the veritable treasure trove of compromised information.

“The way our database system is architectured it would be impossible for anyone to dump data from it,” reads the site’s FAQ section. “In our key-value pair database data can only be extracted if you know the key, in this case the hash of the username or email address. An attacker wanting to extract data from our database would have to know the hashes of all data stored in it.”

In other words, hackers would need to know what they were looking for to find it. And if that’s the case, you’re already on the PwnedList.

Let us know if you’re on the PwnedList in the comment section.

debro
Blown to smitherines
Posted on: 04 Nov 11 11:57
Nope, to both username and email address
For now ...
0 Agree

olyteddy
Senior Moderator
Posted on: 04 Nov 11 16:11
Quote:
Originally Posted by debro
Nope, to both username and email address
For now ...
BUT...Just wait until 'PwnedList' sells the info you entered....
0 Agree

debro
Blown to smitherines
Posted on: 05 Nov 11 00:39
Quote:
Originally Posted by olyteddy
BUT...Just wait until 'PwnedList' sells the info you entered....
Not much comes from a username - I don't think I've ever used it at any other site.
The email ... well, my ISP has a pretty decent commercial spam filter applied to all accounts, and I've been considering moving to Gmail anyway .... it gives me less interruption when I change ISP's, which I tend to NOT do often, even when bigger better deals comes along. Usually a few months later, my ISP catches up .. and I'm not a heavy down loader anyway.

And yes, you're right, they probably are busy collecting as many compromised account information as possible .. probably to sell it
0 Agree

Justin_Massoud
MyCE Senior Member
Posted on: 05 Nov 11 16:12
Quote:
Originally Posted by olyteddy
BUT...Just wait until 'PwnedList' sells the info you entered....
The site specifies it doesn't store info. I guess no one has to believe that, though. The guys who created it are also professional security researchers.
0 Agree

pythonis
MyCE Senior Member
Posted on: 05 Nov 11 18:47
pwned? what is that? pawned? pwinned? pwinnied? typo for "owned"?
0 Agree

Mr. Belvedere
MyCE Resident
Posted on: 06 Nov 11 18:19
Quote:
Originally Posted by pythonis
pwned? what is that? pawned? pwinned? pwinnied? typo for "owned"?
http://en.wikipedia.org/wiki/Pwn
0 Agree

pythonis
MyCE Senior Member
Posted on: 06 Nov 11 18:27
Oh my God that is dumb
0 Agree

Mr. Belvedere
MyCE Resident
Posted on: 07 Nov 11 08:46
Quote:
Originally Posted by pythonis
Oh my God that is dumb
Well duh. Most memes, internet or not, are pretty dumb. Most figure of speech is quite dumb as well.

Doesn't mean it's not honest simple fun though, because pwning someone is also kinda cool sometimes.
0 Agree

pythonis
MyCE Senior Member
Posted on: 07 Nov 11 09:11
Quote:
Originally Posted by Mr. Belvedere
Well duh. Most memes, internet or not, are pretty dumb. Most figure of speech is quite dumb as well.

Doesn't mean it's not honest simple fun though, because pwning someone is also kinda cool sometimes.
pwinning.....whatever it is. I stopped reading the definition once it said its slang. I choose not to know. Gnarly, swell, rad....now THOSE were slang terms.
0 Agree

Mr. Belvedere
MyCE Resident
Posted on: 07 Nov 11 14:52
Quote:
Originally Posted by pythonis
pwinning.....whatever it is. I stopped reading the definition once it said its slang. I choose not to know. Gnarly, swell, rad....now THOSE were slang terms.
Get off my lawn grandpa.
0 Agree

Post your comment

Myce.com settings

Several settings at Myce.com can be changed, they are stored in cookies, which means they will be reset if you clear Myce.com cookies

Background

Change the background to a plain color or trianglified image (similar to the default image)

No tracking features

At Myce most social media feature are done server side and impose no privacy risk to the visitor when not used. Several features use Javascript with you can turn off here

Layout

Switch to the List layout for an index with chronologycally listed news items or Grid layout for a block based layout. To see the change you need to reload the page

×