Stolen password search website launched
A website that lets people check whether their email addresses, usernames and passwords have been stolen in a cyberattack and posted online has been launched by an Australian who is a former IT security consultant.
Daniel Grzelak, who lives in the Sydney area, launched his new website, shouldichangemypassword.com, on Tuesday. The site allows concerned internet users to enter an email address and see whether it is one of 800,000 records posted online by groups such as Lulz Security.
That hacker collective, also known as LulzSec, has taken responsibility for cyberattacks on Sony, Nintendo, FBI affiliate Infragard Atlanta, and websites of the CIA and U.S. Senate. Data stolen in some of those attacks is posted on Grzelak's website.
If an email is listed in the database of stolen data, the site will list what information among your email, username and password have been compromised, how many times it has been compromised, and the most recent incident. It will also recommend that the user change all his or her passwords.
However, the site's FAQ cautions that even if a user receives the message: "Your passwords may be safe," it does not mean they were not compromised — it just means they weren't published as part of the high profile breaches listed.
Grzelak wrote on the site that he plans to keep updating the site whenever a new password database is made public "in perptetuity."
Grzelak told the New York Times that he created the tool for family and friends who had heard about the "LulzSec shenanigans" and were concerned about what it meant for them.