Earlier this week, security researcher and consultant Mark Burnett made headlines when he announced that about 10 million stolen usernames and passwords are on his blog. Of course, the security expert didn’t post the passwords with malicious intent. Instead, his goal was to “release a clean set of data” that gives the world insights into user behavior, and also to draw attention once again to the arrest and prosecution of Barrett Brown.
Burnett didn’t steal the passwords in question, of course, but they’re now easily accessible to anyone and everyone — here’s how you can quickly and easily find out if you are affected.
Burnett posted the 10 million leaked usernames and passwords in one big torrent file that anyone with a computer can download in a matter of minutes. Thankfully, one of the people who downloaded that file used it to create a simple site where anyone can check to see if their accounts have been compromised.
Here’s how you can check:
Simply visit this page on programmer Luke Rehmann’s website, where you’ll be able to search for your usernames and passwords in the leaked file.
Now, before you start wondering if Rehmann is just using this page to collect the usernames and passwords people input, it’s important to note that you can (and should) search with partial entries. So, for example, if your password is “trustno1,” you can simply search “no1” or “trus” and see if one of your accounts comes up.
As Burnett notes in his blog post, the usernames and passwords he posted are a small sample pulled from earlier username and password dumps containing upwards of 1 billion sets of stolen credentials. As a result, running a check on the site linked above doesn’t guarantee that your usernames and passwords aren’t floating around on the deep web.
To check your usernames against more complete databases of stolen credentials, visit Haveibeenpwned.com and Pwnedlist.com.