Friday, 6 December 2013

How to find out if your password has been stolen

Yesterday's announcement of the discovery of a botnet command and control database of user credentials for Facebook, Twitter, Yahoo, ADP and others is just the latest in a trend going back several years. You can't trust Internet services to protect your passwords; you have to protect them yourself.
This new revelation is actually rather minor compared to many others from recent years, for reasons explained by Webroot in a blog entry: the number (2 million credentials) is small compared to many of the others, with the king of the hill being the Adobe breach of as many as 150 million credentials.
Trustwave, the company that found the botnet and password database, isn't publishing it, but other databases are publicly available and you can search them. I have found two sites that let you search across multiple databases.
Troy Hunt's Have I been pwned? consolidates the databases from five major breaches for a single search:
  1. 152,445,165 Adobe accounts
  2. 859,777 Stratfor accounts
  3. 532,659 Gawker accounts
  4. 453,427 Yahoo! accounts
  5. 37,103 Sony accounts
Enter your email address and it searches all of them and reports back. One of my addresses was in the Adobe database, but I knew that already.
I changed the password a while ago and hadn't used it on other sites.
As Hunt explains in a blog entry announcing the site, he built it in large part as an exercise in using certain Windows Azure technologies, but he believes in the service and wants to make the site as useful as is practical. He says he has plans to add new databases as they become available and new features such as a service to alert you in case your email address shows up in a database and the ability to search on a whole domain (such as '').
The other site, Should I Change My Password?, is mostly a front-end for pay services. The site already has the email alert service, which they call Email Watchdog, and which appears to be free. But if you simply search for an address and it's in one of their databases they won't give you any detail, just the fact that it was in a database.
It seems odd that they "...can't tell you which breach your email address was compromised in" as they say in their FAQ. Hunt's site has no trouble providing this information, as it is stored in their database for each breached record. The other site only stores a hash of the password, the date of the last compromise and the number of times it was compromised (i.e., presumably, the number of databases in which it was found). This seems less useful. If I learn from Hunt's site that my Adobe account was breached then I only have to change that password.
Perhaps Should I Change My Password? (a service of Avalanche Technology Group) will give you this detail as part of one of their pay services which they push
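The difference between the two record designs described above can be seen in a short added example; it is not code from either site. The breach names come from the list above, but the addresses and dates are constructed, and keying both indexes by a SHA-256 hash of the normalized email address is an assumption, not either site's schema.

```python
import hashlib
from datetime import date

# Constructed sample data: breach name -> (placeholder date, addresses).
SAMPLE_BREACHES = {
    "Adobe": (date(2013, 10, 4), ["alice@example.com", "bob@example.com"]),
    "Gawker": (date(2010, 12, 11), ["Alice@Example.com"]),
    "Stratfor": (date(2011, 12, 24), ["carol@example.com"]),
}

def key(email):
    """Normalize the address and hash it for use as a lookup key (assumed scheme)."""
    return hashlib.sha256(email.strip().lower().encode("utf-8")).hexdigest()

def build_detailed(breaches):
    """Per-breach design: hashed address -> sorted list of breach names."""
    index = {}
    for name, (_, emails) in breaches.items():
        for e in emails:
            index.setdefault(key(e), set()).add(name)
    return {k: sorted(v) for k, v in index.items()}

def build_summary(breaches):
    """Summary-only design: hashed address -> [last compromise date, count]."""
    index = {}
    for _, (when, emails) in breaches.items():
        for k in {key(e) for e in emails}:  # count each breach once per address
            entry = index.setdefault(k, [when, 0])
            entry[0] = max(entry[0], when)
            entry[1] += 1
    return index

def passwords_to_change(detailed, email):
    """With per-breach detail the user learns exactly which accounts to fix."""
    return detailed.get(key(email), [])

def summary_lookup(summary, email):
    """The summary design can only answer: how many times, and when last."""
    entry = summary.get(key(email))
    return None if entry is None else (entry[1], entry[0].isoformat())

if __name__ == "__main__":
    detailed = build_detailed(SAMPLE_BREACHES)
    summary = build_summary(SAMPLE_BREACHES)
    for addr in ("alice@example.com", "dave@example.com"):
        print(addr, passwords_to_change(detailed, addr), summary_lookup(summary, addr))
```

With only the summary record, a user whose address appears has to treat every account tied to it as exposed, which is the practical cost of dropping the per-breach detail.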
Regardless of your status on any of these databases, the only good strategy is to have strong and separate passwords for all services you use. Remembering all that is not humanly possible, so you'll need a password manager. I use LastPass, others I know use 1Password and RoboForm, and there are many others. I hope to write more about password managers soon.

