Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
More than 10 million hacked email addresses and passwords have been posted to an Australian web site in less than 12 months.
The site, shouldichangemypassword.com was developed by Sydney security researcher Daniel Grzelak to allow users to determine if they were victims of publicly-disclosed data breaches.
As first reported by SC Magazine, the site allowed users to search through databases of stolen email addresses collated from sources including news sites and data
The web site could be a gem for companies concerned that staff have reused work passwords and email addresses on other web sites that were subsequently compromised.
The portal was orginally developed for Grzelak's mum and friends, and was sold in January to the Avalanche Technology Group.
It made headlines on the New York Times, Forbes and tech media sites when the LulzSec hacking group was at its peak.
"It’s scary to think that in less than two years, hackers have made more email addresses and passwords public on the internet than the entire population of NSW," Avalanche Technology Group commercial manager Shayne Tilley said.
“With thousands of new compromised emails and passwords being discovered every day, it’s increasingly evident that the threat from hackers is more dangerous than ever. Unfortunately in many cases the compromise is only discovered after it’s too late.”
Each compromised email address was encrypted before being stored within the site using a unique ID.
"This means that not even Avalanche’s internal team can access the list of email addresses, let alone a third party," the company said.
Copyright © SC Magazine, Australia
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.
