It doesn't stop. Around 28,000 accounts from the fan-site forum ThisHabbo and details on 40,000 users of the Swedish forum Flashback were made public recently, according to website Have I Been Pwned?
ThisHabbo is a radio-oriented site, and Flashback, from a books and magazines publisher, is supposedly the largest forum in Sweden.
Forum data breaches might have you wondering – just how does one go about finding out if their account or email address is among those that have been leaked?
Am I on the list?
Obvious website defacing by hacktivists can be relatively easy to spot—your website changes, or files get deleted. Banking hacks are also pretty easy—unauthorized charges start sucking your bank account drier than it was before.
Other, more surreptitious hacks might not be so obvious. Two resources are available that can help.
Have I Been Pwned?
Troy Hunt, an author of web security courses for Pluralsight, built the website Have I Been Pwned? It's a compendium of data breaches. To use it, you simply enter your email address or account name in a text search box and the site lets you know if it's been pwned or pasted.
You may be unfamiliar with the definitions used. The word "pwned" derives from video-game culture, and refers to someone who's been beaten. Urban Dictionary thinks it's a corruption of the word "owned."
Pwned accounts are email addresses and user accounts that have been breached—a hacker illegally obtains the data from a vulnerable system.
Pasted accounts, on the other hand, are the pwned accounts that have been pasted to a public website. Have I Been Pwned? uses the example site Pastebin in its documentation. Pastebin lets users share information publicly, but anonymously.
Hunt has 175 million compromised pwned accounts in his database, including one of mine, actually.
Breaches he covers include the 152,445,165 Adobe accounts stolen in October 2013, among numerous others.
Dump Monitor, a Twitter-bot, is slightly different in that it watches for pastes and catalogues them, along with the raw Pastebin data. It provides much of Hunt's raw data.
It's not geared toward individual search, as Hunt's database is, but it does provide for an interesting, real-time disclosure of the volume of pasted user accounts. For the gory details, you can drill down to see the actual data.
In the time it's taken me to write the last few paragraphs, I saw four tweets appear in the Dump Monitor timeline, all about recent pastes. A total of 217 emails were pasted publicly in Pastebin over the 23-minute period in which I wrote this.
Much of the stuff on Pastebin gets deleted almost immediately, making it quite hard to monitor yourself. Hunt's Have I Been Pwned? indexes that Dump Monitor material before it gets removed from Pastebin. On his website, Hunt says it takes him 40 seconds to grab it.
And in the enterprise?
Hunt said in an interview with Danny Bradbury of the Guardian that companies can use his site to look for staff and customers in the publicly disclosed data dumps he indexes.
He says that in addition to looking inside your own network, his tool is a "useful weapon in the battle against stealthy hackers."
This article is published as part of the IDG Contributor Network.