HackNotifier, Check If Online Accounts Have Been Compromised
News about big hacks and the publication of user databases has slowed down considerably in past months.
Before that, reports of hacks were nearly daily in the news with companies like Sony, Gawker or Ashampoo reporting breaches.
Some of the user databases that the hackers dumped during these hacks were published on the Internet afterwards. Not all listed unencrypted passwords, but some did, and even though companies asked users to change all of their online account passwords, it is likely that some users missed those announcements completely.
There is also the possibility that some of the users reused passwords and email addresses or usernames elsewhere. All of these accounts are in danger of unauthorized access and account takeover as well.
Update: HackNotifier is no longer available. You may use the free service Have I Been Pwned instead, as it offers similar functionality and an up-to-date database of breached passwords. You can check out our review of Have I Been Pwned here. Users of the KeePass password manager can integrate the checks in the password manager.
You may also want to check out other resources that help you test certain security-related features online.
HackNotifier
The free online service HackNotifier was a frontend that users could use to search for email addresses that were leaked in hacking attempts.
You entered your email address, or the email address of someone else, into the form on the main page to see if it was listed in at least one of the hacked user databases.
You then got to review the status on the next page. The service let you know immediately if an account was insecure and if it was compromised.
HackNotifier listed the company whose servers were compromised and the day it happened. A link pointed to third party websites that offered additional information about the hack. It asked you to change your account passwords if you had not already done so.
Users could sign up for the company's service to receive notifications when their email account got hacked again. This obviously was only effective if the hackers published the user database on the Internet. The service at the time of writing had information about 20 leaks and almost 1.5 million accounts in the database.
HackNotifier highlighted that it did not save email addresses that users entered on the site to check whether the account had been compromised.
Probably the biggest issue was that most hackers did not dump user databases publicly. It was still frightening to see an email address listed as compromised on the results page.
So, the site keeps e-mail address for future use?
No, it does not keep it unless you sign up for a paid membership. Then they use the email to check against their database regularly.
I wonder if the mere act of searching for an email address might be enough to make that email address a target?
Hi,
This could be a follow-up of the article about the hacked Paypal accounts…
Nice service, though it will only scan against the databases they have in store as you stated.
Are the databases' contents corporate-only data, or do they also hold “regular” user details (thinking of the paypal user accounts)?
Without the help of the big players (hotmail, yahoo, paypal…), chances that non-savvy people will know of and benefit from such a service are very limited. That is if the used databases encompass private data as well.