Lucky for us, an online security expert has come forward with a free service that alerts you if it finds your email address among hundreds of thousands of compromised (and now public, thanks to the hackers) accounts.
The site, called “Should I Change My Password?,” was designed by Australian technology and security pro Daniel Grzelak, who tells the New York Times that he created the website to give concerned users “A, an easy way to check if they were affected and B, some simple advice on what to do if they were.”
The new site access more than a dozen databases of stolen account information that hackers released to the public.
The 800,000-plus entries in the various databases aren’t a comprehensive archive of anyone who’s ever been hacked, of course. But it does search pilfered data from recent security breaches at Sony, PBS, Fox.com, Gawker.com, and MySpace, among others.
To use the site, just type your email address into the form and press the “Check it!” button. You should get the result instantly: either a green “all clear” icon, or a scary red light warning you to change your passwords, pronto.
OK, so how do we know Grzelak himself isn’t a hacker trying to fool us into giving up our email addresses? In the site’s FAQ (“frequently asked questions”) page, Grzelak assures us that he’s been “vetted” by media sites ranging from the Times to Secure Computing Magazine, and he also lists his public Twitter account.
Grzelak also notes that doesn’t store any email addresses used in search queries.
I went ahead and entered a few of my email addresses into the site and came up clean—phew. If you want to see what a “you’ve been hacked” warning looks like, type “firstname.lastname@example.org” into the search form.