There are a couple of articles at InfoWorld and one by Brian Krebs about PwnedList which are worth reading. Once you've read them, you won't be able to resist going to the Pwnedlist site to check your email address(es) to see if you too are on the list of 12million+ addresses and Logon ID's which have been stolen and spread around the web. Unless you spend a lot of time on Pastebin you won't realise just how many have been uploaded there, for a start. It's a free service, so why not use it?


From ompromised-177847 :


Ever had a sneaky suspicion that somebody, somewhere has cracked your email account?


A handful of researchers at well-known security firm HP/TippingPoint DVLabs spend their spare time looking for publicly posted lists of cracked email addresses. They've also written programs that comb repositories of dumped stolen data, including Pastebin. Their collection has grown to 5 million known compromised accounts, and it's growing daily.


If you're curious to see if your email address or username has appeared on any of those clandestine lists, drop by PwnedList and see if your email address has appeared on any of the lists DVLabs has accumulated.


The follow-up article is directed more at corporate users.  The PwnedList people now offer a subscription service (Domain Monitoring and Alerting Service) : sign up, and if an email address or ID from that domain appears anywhere in a stolen list they will send you an alert. The same service is also available to individuals, at $1 a day for a single email address.


More about this at ts-been-compromised-189255