PwnedList, developed by Alen Puzic and Jasiel Spelman allows users to check if their online accounts have been compromised. Both authors of PwnedList work at TippingPoint DVLabs which is a premier research organization for vulnerability analysis and discovery, but the project is a personal effort developed in their free time. The idea is to provide a security tool for free, and most often the best tools originate from similar concepts – a combination of expertise, passion for security, and an activity not linked to profit-making.
It is worth noting the amount and quality of data the two security researchers managed to collect in a short period of time. In just under 2 hours they had harvested about 30,000 accounts, complete with logins and passwords. However, all data stored at PwnedList.com is hashed which means it is irreversible. Clear text data is removed, while users’ passwords are not retrieved.
Although, such services may raise some concerns whether their intent is genuine or not, I would normally trust a service by doing a short cross-examination of the authors and the features available with the service. The security experts behind this project are more than trustworthy, and I am convinced that they would not allow someone to use their names to masquerade a malicious activity. Also, the service allows users to upload a hashed value of their email or user account details which makes the service more secure (does not seem to be an option for ordinary users).
To check your email or user account against PwnedList go here: