How to find out if your personal info has been leaked in a security breach

How to find out if your personal info has been leaked in a security breach

Summary: If you want to find out if your email address was stolen in a hacker breach, try out this tool.

SHARE:
25

When I was an undergraduate in engineering school, I worked on side projects. They weren't exactly intended for the public good.

Kids, don't try this at home

One project involved building a long-range beam laser that we could shine down from the dorms and freak out the drunks stumbling home from frat parties. Another was perfecting a multi-stage bottle rocket we could launch from a stealthy launch platform in our dorm window, which would fly halfway across the quad before igniting the second stage and then strafing the campus security guards as they did their rounds.

The world was a different place in the late 1970s. Those stunts would have landed me and my fellow engineering students in an ocean of hot water, had they been attempted in this post-9/11 era. Back then, it was just lolz all around.

Granted the projects I did for degree requirements were academically sound (I did graduate with honors, after all). But the side projects, well, socially redeeming wasn't exactly a concept I was able to fully integrate into my psyche until well after I graduated.

His mother should be very proud

And then there's Julian Pulgarin. Julian was an intern at Facebook and is currently a candidate for Bachelor of Software Engineering at the University of Waterloo in Ontario, Canada.

Julian decided, what with all the lists of personal information being released to the public by the likes of Anonymous, Wikileaks, AntiSec, and LulzSec, individuals might be worried that their information might now be out "in the wild."

So Julian's been curating the released data. He's built a database containing all the email addresses (over 1.4 million addresses, including the Booz Allen Hamiliton breach).

See also: Military Meltdown Monday: 90,000 military email profiles released by AntiSec

All you have to do is go over to HackNotifier.com. Enter your email address (which he promises me he's not capturing), and the site will tell you if your email address is in any publicly available leaked database.

Now, Julian's not all altruism and spice and everything nice. He's got a neat, little profit engine built into his database, which is the "notifier" portion of the site. For $9.99 a year, you can register with HackNotifier and if any new breaches do have your information, he'll let you know.

The necessary cautionary words

Obviously, all I have is Julian's word that he's not capturing email addresses for future nefarious purposes, but in my conversations with him, he seems like a good kid. He's built a useful service and, if he's lucky, he might also make a few bucks off it.

Me? Well, I probably shouldn't say any more about what I was up to when I was his age, but it sure as heck wasn't public service.

Topics: Collaboration, Security

About

David Gewirtz, Distinguished Lecturer at CBS Interactive, is an author, U.S. policy advisor, and computer scientist. He is featured in the History Channel special The President's Book of Secrets and is a member of the National Press Club.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

25 comments
Log in or register to join the discussion
  • Excellent idea, but too cautious to try it.

    "Enter you email below to get started" - Worded like an outside country money scam.<br><br>"No emails are stored without your permission" - Okay, but what about my email address?<br><br>Sorry, but it's a trust issue.
    Bruce Lang
    • RE: Excellent idea, but too cautious to try it.

      @bdlang@... Thanks for the feedback regarding the wording. Just to be clear, the email that you enter on our website will be used once in a SELECT query against our database, and will not be stored in any way. If you have any more questions feel free to contact me at jpulgarin@hacknotifier.com
      jpulgarin
  • RE: How to find out if your personal info has been leaked in a security breach

    I tried it with Firefox 5 and received an error message saying "Referral Headers" had to be turned on. Couldn't any settings were they could be turned on or off so they must be off by default deeper in the setting of which, I will not mess with. Make the site work with browsers out-of-box.
    The Rifleman
    • RE: How to find out if your personal info has been leaked in a security bre

      @The Rifleman This should work soon, it was caused by overzealous cross site request forgery protection which is not necessary under our particular case. Thanks!
      jpulgarin
  • Not so sure

    Mine did not some up in the search. I was pretty sure mine was stolen in the SOE Hack. I have been a subscriber for SWG since it started. I also get 10 times the spam I used to plus additional Facebook spam.
    john@...
    • Re: Not so sure

      @john@... John, the PSN hack was never made public so it is not in our database. Various other Sony breaches, like the ones published by LulzSec, are.
      jpulgarin
  • The site's not loading at all on Chrome 12 or IE9 on Windows 7 for me :(.

    The site's not loading at all on Chrome 12 or IE9 on Windows 7 for me :(. It just says "Waiting for response...". I live in The UK if that helps.

    Sure it's a risk to enter your e-mail address into this site too but then you've already entered it in plenty of other places. Are you sure they're all trustworthy? I know I've used it on web forums, I've then not visited again. I had a question, you need to register before you can ask it.
    bradavon
    • RE: How to find out if your personal info has been leaked in a security breach

      @bradavon

      That is what webmail accounts are for. You should always create an account with Hotmail, Yahoo, or (heaven forbid) Gmail, just for all these subscriptions and logins that you have to do. No harm in that address getting out.

      Better off forgetting Gmail as that is just Google spyware. More risky than most spammers.
      jorjitop
  • dood, get some bandwidth

    ZDNet referrals are apparently DDoS-ing your site. I can't get it to load OR time out. ;)
    pgit
  • We're gonna need a bigger boat...

    Server appears to be overloaded... not responding.
    rich1383
  • Server's Down

    Hey guys, we're currently moving to a much bigger server, should be about 10 minutes. Sorry for the inconvenience!
    jpulgarin
    • @jpulgarin: It's working now and I'm clean :). Thanks.

      @jpulgarin: It's working now and I'm clean :). Thanks.
      bradavon
  • RE: How to find out if your personal info has been leaked in a security breach

    Nice try. :-)
    ITOdeed
  • RE: How to find out if your personal info has been leaked in a security breach

    OK. I tried, but the site will not take my email address. Is this only for Microsoft users? I use Linux.
    gsa729
  • RE: How to find out if your personal info has been leaked in a security breach

    OK. I can answer my own question. I typed in address and went to the site. It worked fine for on Linux.
    gsa729
  • RE: How to find out if your personal info has been leaked in a security breach

    How do I try it out. Down load it.
    rhm1934
    • RE: How to find out if your personal info has been leaked in a security bre

      @rhm1934@... Go to www.hacknotifier.com, enter an email address and hit your enter key or click on "Have I been hacked?" Nothing to be downloaded and installed.
      aspir8or
  • No good deed...

    ...goes un-"corrected," unedited, un-"improved" upon, un-picked at.

    But it's still appreciated!
    archetuthus
  • Thanks for the answers

    Very unusual to see a developer/site operator respond quickly (or even at all) in the article Talkback. Thanks.
    rschoonh@...
  • RE: How to find out if your personal info has been leaked in a security breach

    "Obviously, all I have is Julian?s word that he?s not capturing email addresses for future nefarious purposes, but in my conversations with him, he seems like a good kid."

    That's pretty much what is said about every serial killer.
    puterami@...