Something Awesome Is Coming

: allows you to enter in an email address to see if hackers have compromised it. Another site, PwnedList, found those where both email addresses had been hacked and gave a date of the hack, but did not say where the issues occurred. offers a similar service. All are free and offer to notify users in the future if an email address is compromised.
PwnedList makes its money by alerting corporate clients to hacking attacks, which in many cases affect not the firms themselves but their outside vendors. It says its clients include publisher Reed Elsevier RUK +%, password service LastPass, one of world's largest social networks, and one of largest aeronautics and personal appliance firms. It catches wind of new breaches by hanging around Internet hacker sites. “Once we join those we get access to everything that is getting passed around,” says Thomas. “Primary hackers will say ‘I just broke into XYZ company, here is their user list.’” Sometimes hackers broadcast their accomplishments on Twitter TWTR +0.68%, but some boasts have not actually occurred. He estimates that PwnedList learns of about a dozen different data leaks every day, with 100,000 to 500,000 compromised credentials.
The site, set up late in 2013, is the pet project of Troy Hunt, an Australian who works as an architect at a large company by day. He concentrates on the larger data breaches, and adds one to two different data sets a week to his site. “It is a bit of a laborious process,” he said. “It doesn't make any money. I guess it is a hobby and public service.”
Hunt would like to see companies whose systems are breached be more responsive in reaching out to their affected customers. Often, he said, there is a long lag time before they own up to what has happened.
“People, sort of rightly say, ‘Wait, hang on a second, why didn't these guys tell me?'” he said. “What surprises me a little about it is when there is a compromise, the company that is being compromised is in the best position of all to say whether it is legitimate or not. The vacuum of information from companies that are alleged to have been compromised is not a healthy thing.”
“One thing we have got to be cautious about is there is a lot of people go out and beat the drums and say we've just compromised the NSA, for example, here's all their passwords, and it's just fraudulent.”
After processing so many breaches through his site, Hunt has strengthened his own personal security drill and recommends the same for others: he uses only strong, unmemorable passwords for each account, and turns to a secure password manager to keep track of all that information.