The Heartbleed Bug is one flaw in Web encryption that has created a giant security hole that compromises users' most sensitive or personal data and account credentials. But there are software developers who give peace of mind to the users by providing tools to help them, if not stop, yet determine if they have fallen victim to such data poachers.
Here are some Web sites that have opened up rooms to alert users when such attacks occur:
- haveibeenpwned.com: Troy Hunt, an Australian software developer, is the brain behind this Web site that allows people to check if they're on the wrong side of several data leaks that have occurred in the past couple of years - Adobe leaks. All you need to do is to head over to the site, enter your email address and click the "pwned?" button to the right. It will then automatically check if your email address and any other related accounts have been compromised or not.
- shouldichangemypassword.com: Daniel Grzelak, founder of shouldichangemypassword, lets you examine in an easy and simple way whether you are in the safe spot. This site uses a number of databases that have been released by some hackers to the public. No passwords are stored in the shouldichangemypassword.com database. The biggest problem with the compromises is that many people use the same password for multiple services. Once hackers know your login at one service they try it out at multiple services and if they are lucky enough, gain access to other services and accounts. Therefore, it is very important to start changing your passwords if your account has been hacked. Shouldichangemypassword.com only pulls from the databases that groups that have released after high profile breaches, it doesn't give you an absolute answer on whether all your passwords are secure.
- PwnedList: Co-founders Steve Thomas and Alen Puzic worked with the hacker community to simply create a list of email addresses. This helps users figure out if their account credentials have been hacked similar to the above two sites. The service crawls public sites where hackers post stolen data and then indexes all the login credentials it finds. It tells you, if your company or a Web site you use was hacked and PwnedList found it.
The company uses two sources of data for their massive database, which they are very transparent about.
"One is the manual collection of data from account dumps made by various hacker groups. Every week we spend a fair amount of time researching possible new security breaches and trying to collect any resulting data dumps. The other source is our automated harvesting system that is able to spider certain places on the internet, identify potential account dumps and import them into our database, all without human intervention. In fact, almost 40 percent of our data comes from automated harvesting."