How to find out if your email address has been compromised

An enterprising group of security researchers has created a massive list of 'pwned' email addresses and usernames. Take a minute to see if you're on it

Ever had a sneaky suspicion that somebody, somewhere has cracked your email account?

A handful of researchers at well-known security firm HP/TippingPoint DVLabs spend their spare time looking for publicly posted lists of cracked email addresses. They've also written programs that comb repositories of dumped stolen data, including Pastebin. Their collection has grown to 5 million known compromised accounts, and it's growing daily.

If you're curious to see if your email address or username has appeared on any of those clandestine lists, drop by PwnedList and see if your email address has appeared on any of the lists DVLabs has accumulated.

While the list is far from complete -- I verified that several known "pwned" email addresses aren't on the list -- it's sobering and well worth your time to check. It's free, and it only takes a second (if the server hasn't melted down).

These folks know what they're doing. First, they don't store any stolen passwords: The PwnedList database only contains publicly posted email addresses and usernames. The bad guys can steal all 5 million records in the PwnedList database and it won't get them anywhere.

Second, they're intensely aware of the potential for privacy problems. Accordingly, they promise they don't store and won't use any email address submitted online. More than that, though, if you really don't trust them, you don't have to type in your email address. You can create an SHA-512 encrypted hash of your email address and use that.

It's a great service and the price is right. Tell your friends.

This story, "How to find out if your email address has been compromised," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow on Twitter.

Copyright © 2011 IDG Communications, Inc.