
How to Know If Hackers Have Stolen Your Password

This article was published in Scientific American’s former blog network and reflects the views of the author, not necessarily those of Scientific American


Whatever you may feel about independent "hacktivist" groups such as Anonymous and LulzSec, they are good at what they do. In the past few weeks members of these two groups have claimed responsibility for a number of data theft incidents, including the recent theft of more than 1 million user names and passwords from the Sony Pictures web site. They then post these stolen names and passwords on message boards and ordinary web pages for anyone to see. In one case, after publishing the user names and passwords of more than 26,000 users of Pron.com (a pornography web site), LulzSec recommended the following mischief:

These guys probably sign into Facebook with the same email/pass combo, so we suggest the following:
1) sign into their Facebook accounts
2) find their family members
3) tell them all about how the victim (you!) signed up to porn sites
4) watch the hilarity
5) tell us about it on twitter!
6) ???????
7) PROFIT

Is your email address listed in any of these databases? The New York Times reports on an easy-to-use web tool that a security professional has created that will check your email address against 13 different databases containing 800,000 email address/password combinations. Called, appropriately, "Should I Change My Password?", the site runs a simple search for your email in the known files. I checked my various emails, and fortunately, the tool didn't turn up anything amiss. Note what a negative result does and does not mean: the tool can only match against the leaked files it has collected, so a clean result says your address is not in those 13 dumps, not that your credentials have never been exposed. The site also gives some very solid advice: Change critical passwords regularly, and don't reuse the same password across multiple sites.




This is something we're very bad at. A recent report found that more than 75 percent of users reuse the same password for social networking sites and email, which is exactly the risk LulzSec was pointing at: once one of those sites is breached, the leaked email/password pair is tried against every other service, and the attacker needs nothing more than the dump itself.
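The two things described above, checking whether an address appears in a published dump and spotting the reuse that makes those dumps dangerous, are simple enough to show in code. The following is an added example, not the "Should I Change My Password?" tool's code, and the dump contents are constructed for illustration (real leaked files arrive in mixed formats: colon-, semicolon- or space-separated, with blank lines and comment headers). It indexes several dumps by normalized email, reports which dumps an address appears in, and flags addresses whose identical password shows up at more than one site. It also shows an index that keeps only a hash of each address, so a lookup service need not hold the cleartext list it is checking against.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample dumps (no real leaked data). Keys are made-up site names.
SAMPLE_DUMPS = {
    "site-a": """\
# site-a users (constructed sample)
alice@example.com:hunter2
Bob@Example.com;letmein
carol@example.com:correct horse
""",
    "site-b": """\
alice@example.com:hunter2
bob@example.com:swordfish
dave@example.com:qwerty
""",
    "site-c": """\
Alice@example.com hunter2
carol@example.com:correct horse
""",
}

# email, then a run of separator characters, then the rest of the line as the
# password (so a password containing a space, like "correct horse", survives).
_LINE = re.compile(r"^([^:;\s]+)[:;\s]+(.+)$")


def normalize_email(email):
    """Dumps mix upper and lower case; compare addresses case-insensitively."""
    return email.strip().lower()


def parse_dump(text):
    """Yield (email, password) pairs; skip blanks, comments and unparseable lines."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            continue
        yield normalize_email(m.group(1)), m.group(2)


def build_index(dumps):
    """Map normalized email -> list of (source, password) across all dumps."""
    index = defaultdict(list)
    for source, text in dumps.items():
        for email, password in parse_dump(text):
            index[email].append((source, password))
    return index


def check_email(index, email):
    """Sorted list of dump sources the address appears in ([] if none)."""
    return sorted({src for src, _ in index.get(normalize_email(email), [])})


def reused_passwords(index):
    """Addresses whose identical password appears in more than one dump.

    Returns {email: {password: [sources...]}} for reused pairs only.
    """
    result = {}
    for email, entries in index.items():
        by_password = defaultdict(set)
        for source, password in entries:
            by_password[password].add(source)
        reused = {pw: sorted(srcs) for pw, srcs in by_password.items() if len(srcs) > 1}
        if reused:
            result[email] = reused
    return result


def build_hashed_index(index):
    """Index keyed on SHA-256(email) holding only the source names.

    A lookup service built on this can answer "is this address in a dump?"
    without storing the cleartext addresses or any passwords.
    """
    return {hashlib.sha256(email.encode()).hexdigest(): sorted({src for src, _ in entries})
            for email, entries in index.items()}


def check_email_hashed(hashed_index, email):
    digest = hashlib.sha256(normalize_email(email).encode()).hexdigest()
    return hashed_index.get(digest, [])


if __name__ == "__main__":
    idx = build_index(SAMPLE_DUMPS)
    for addr in ("ALICE@example.com", "bob@example.com", "eve@example.com"):
        print(addr, "->", check_email(idx, addr))
    for addr, reuse in reused_passwords(idx).items():
        print("reused:", addr, reuse)
```

The reuse report is the part that turns a single dump into a cross-site problem: an address whose password matches across sites is exactly the account an attacker tries first, and it is also the address you should treat as already compromised everywhere that password was used, not only at the leaked site.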

If you find daunting the idea of creating separate passwords for all of the dozens of online accounts you need to maintain, take the advice of Christopher Mims over at the Technology Review blog: Set up four or five passwords, using one for all the low-security sites, another for any site that also has your credit card number, another for social networking, another for email, and the most secure for your banking sites. The trade-off to keep in mind is that a breach of any one site in a tier exposes every other site in that tier, which is why email and banking get passwords shared with nothing else. Sleep better.


Image credit: OperationPaperStorm on Flickr


Michael Moyer is the editor in charge of physics and space coverage at Scientific American. Previously he spent eight years at Popular Science magazine, where he was the articles editor. He was awarded the 2005 American Institute of Physics Science Writing Award for his article "Journey to the 10th Dimension," and has appeared on CBS, ABC, CNN, Fox and the Discovery Channel. He studied physics at the University of California at Berkeley and at Columbia University.
