Hot news over the past couple days reports that over 2 million accounts have been hijacked from Facebook, Google, LinkedIn and others. Read the report HERE. While the 2 million number is huge, this is not the first reported hack of this type. Adobe had their own network compromised earlier this year and the number of affected accounts continues to rise.
When Adobe finally realized their network had been compromised and usernames, passwords, and credit card information stolen, they started sending out emails to those customers potentially affected. In the recent report affecting Facebook and others, Facebook has suggested that it's not their fault and they are under no obligation to report anything to their customers. The latest breach rests solely on the customer whose computer has been infected with Malware that sends account information across the Internet to a botnet.
So, if a company like Facebook will not notify its customers, how is a customer to figure out if their account was one of the reported 2 million?
A new project by Troy Hunt, a Microsoft MVP, utilizes Windows Azure Table Storage to store and query over 154 million email addresses that have been determined to be 'pwned' online. The service, called ';--have I been pwned?, provides a simple interface where a visitor enters a known email address and the service will verify whether or not the account has been compromised. And, not only that, it will show the visitor exactly which reported breach the account was included in. Pretty neat.
The data that is stored for the site is all from publicly available information, just consolidated. Also, no passwords are stored at the site and there is no logging of activity.
You can find the service at this link: http://haveibeenpwned.com/
I did a search for all of my known email addresses, and found that only one had been compromised and it was the Adobe breach that caught it.
Here's an example of checking my Penton.com email address to find that account is safe.
And, here's an example of my myITforum.com email address showing where Adobe completely let me down (as always). Of course, I knew about this one already, thanks to Adobe's email warning a couple months back, but it's still good to see that the service is accurate.