IE 11 is not supported. For an optimal experience visit our site on another browser.

New Website Tells You Whether You've Been 'Pwned'

Here's a new website you should definitely go to, but also pray that you don't end up on.
/ Source: SecurityNewsDaily

Here's a new website you should definitely go to, but also pray that you don't end up on.

It's called PwnedList, and as the name suggests, it's a comprehensive database of email addresses that have been compromised or stolen — "pwned," in hacker jargon — from companies that have suffered data breaches or been hacked into.

By entering their email addresses in the search field on, people can see whether any of their own personal information, including email addresses, logins for banking sites or social-media passwords, may be in the hands of hackers.

Large-scale data breaches have affected dozens of major companies this year, including Sony, Citigroup, Google, Lockheed Martin and TripAdvisor, so PwnedList comes at a time when many people may not even be aware their sensitive data has been stolen.

Just type your email address, hit "Check," and wait for your results to come in. If your accounts are safe, the page will say "Nope! Congrats! Your email is not in our list." (I tried several emails, both work and personal, current and old, and was in the clear on all of them.)

If PwnedList says your information has been compromised, then it's time to change your passwords, install anti-virus software on your computers (including smartphones and tablets) and contact your bank to make sure there hasn't been any suspicious activity in your accounts.

[What to Do If Your Online Account's Been Hacked]

As of yesterday (Nov. 3), the site showed a tally of nearly five million "pwned" emails and usernames, 70 percent of which was made up of email addresses, with usernames comprising the remaining 30 percent.

The site's creators, researchers Alen Puzic and Jasiel Spelman from DVLabs, a division of HP/Tipping Point, wrote that PwnedList started out as a simple research project to see how many compromised accounts they could find in a short time.

After finding close to 30,000 harvested usernames in "just a couple of hours," the PwnedList team decided to take the website live as a service to people who may unknowingly have had their personal data compromised during a network intrusion on a company that stores their information, such as a bank or shopping site.

"The purpose of this project is to hopefully raise security awareness, encourage users to be more proactive about handling their personal security in cyberspace and at the same time help people monitor their accounts for potential compromises," PwnedList says on its site.

PwnedList is careful to protect the safety and anonymity of its users. The site does not require users to enter any passwords, and PwnedList says it does not store, reuse or give any data to third parties.

People can enter theft-resistant cryptographic addresses — hashes — instead of their plaintext email addresses. The website even lets hackers anonymously submit data they've pilfered without exposing their identities.