A number of serious data breaches have occurred recently, affecting many companies’ websites. Hackers steal e-mail addresses and passwords in the hope that people re-use the same passwords on other sites, such as PayPal or their bank’s website. The Privacy Rights Clearinghouse keeps a database of such breaches, which may range from a few dozen addresses being stolen from a small business to more than 300,000 swiped from Citibank, or more than a million taken from Sony servers. But these are obviously only those data breaches that have been reported. Many others go unnoticed.
In some cases, hackers commit the breach to show a weakness in a company’s security, and even publish the list of e-mail addresses (and sometimes passwords) that they have obtained.
Daniel Grezlak has created a website that provides a search of these published databases. Grezlak says:
LulzSec and other groups have been hacking an assortment of prominent organisations. For good or for bad, they have also been publishing their databases, which typically include emails and passwords. Given that most people re-use their passwords, this site allows the average person to check if their password(s) may have been compromised and need to be changed.
At ShouldIChangeMyPassword, you can enter your e-mail address(es) and see if they are part of the affected databases.
Given the number of high-profile databases that have been compromised, it’s a good idea to check your address and see if it’s in this database. If it is, you should change your password immediately. In either case, you should read this Mac Security Blog article, Passwords In the News – Are Yours Secure? for some tips on using a solid password. Make sure not to use the same password twice, at least not for any important sites.