PwnedList, a website launched just nine months ago, helps users figure out if their account credentials have been hacked. The service crawls public sites where hackers post stolen data and then indexes all the login credentials it finds. As such, if your company or a website you use was hacked, and PwnedList found it, it can tell you. If you want to check yourself, the service is free. If you want PwnedList to alert you when your account credentials have been stolen, however, you'll have to pay.
Here's how it works. When you visit PwnedList, you'll be asked to type in your e-mail address or username. All that PwnedList does is check what you provided against its database of compromised credentials. At the time of writing, it has over 12 million entries in its database, each of which PwnedList also checks for whether a password was also published online. If it has, you can at the very least change your password.
PwnedList today announced a "security monitoring service" that charges users for an automatic e-mail alert if their account credentials have been posted online by hackers. The new service is available to both consumers and businesses. Here are the three features PwnedList is emphasizing:
- Monitoring engine: We've built an intelligent harvesting engine that scans the parts of the web we think are most likely to contain leaked account data. It gathers tens of millions of stolen credentials each year.
- Alerting service: Our monitoring service provides daily/weekly monitoring and alerting for stolen credentials on your watch list. You can "watch" up to 10 of your most commonly used e-mail accounts at a time.
- Automatic reports: Whenever we detect that one (or more) of your accounts has been compromised in a recent leak we immediately notify you and generate a report on the incident including details on the data leak itself.
It's one thing to have your usernames, e-mail addresses, and passwords stolen and posted for everyone on the Internet to see and abuse. It's another thing to have this done and not know about it. PwnedList aims to fix this problem.
I couldn't check pricing myself because the site's Sign Up form didn't work for me. If you have had better luck, please do let me know.
In the meantime, I have contacted PwnedList about pricing information for its new service and will update you if I hear back.
Update: "We are currently pricing our monitoring and alerting service at $1/month for individual customers," a PwnedList spokesperson said in a statement. "We also have premium pricing for corporation monitoring for entire domains. The price for each corporation varies based on the number of domains the want us to monitor, the size of the corporation. Most corporations are signing up for annual subscriptions in the five figures. We are also offering discounted pricing for universities and non-profits from the corporate rate, with annual subscriptions in the four to five figures."
- Anonymous hacks Vatican again
- Anonymous hacks Panda Security in response to LulzSec arrests
- LulzSec mastermind helps FBI arrest notorious hacktivists
- Anonymous tricked into installing Trojan
- Anonymous reacts to Symantec Trojan report
- NASA: Hackers had 'full functional control'