DataBreach.com Emerges As Alternative To HaveIBeenPwned (pcmag.com) 12
An anonymous reader quotes a report from PCMag: Have I Been Pwned has long been one of the most useful ways to learn if your personal information was exposed in a hack. But a new site offers its own powerful tool to help you check if your data has been leaked to cybercriminals. DataBreach.com is the work of a New Jersey company called Atlas Privacy, which helps consumers remove their personal information from data brokers and people search websites. On Wednesday, the company told us it had launched DataBreach.com as an alternative to Have I Been Pwned, which is mainly searchable via the user's email address. DataBreach.com is designed to do that and more. In addition to your email address, the site features an advanced search function to see whether your full name, physical address, phone number, Social Security number, IP address, or username are in Atlas Privacy's extensive library of recorded breaches. More categories will also be added over time.
Atlas Privacy has been offering its paid services to customers, such as police officers and celebrities, to protect bad actors from learning their addresses or phone numbers. In doing so, the company has also amassed over 17.5 billion records from the numerous stolen databases circulating on the internet, including in cybercriminal forums. As a public service, Atlas is now using its growing repository of stolen records to create a breach notification site, free of charge. DataBreach.com builds off Atlas's effort in August to host a site notifying users whether their Social Security number and other personal information were leaked in the National Public Data hack. Importantly, Atlas designed DataBreach.com to prevent it from storing or collecting any sensitive user information typed into the site. Instead, the site will fetch a hash from Atlas' servers, or a fingerprint of the user's personal information -- whether it be an email address, name, or SSN -- and compare it to whatever the user is searching for. "The comparison will be done locally," meaning it'll occur on the user's PC or phone, rather than Atlas's internet server, de Saint Meloir said.
Atlas Privacy has been offering its paid services to customers, such as police officers and celebrities, to protect bad actors from learning their addresses or phone numbers. In doing so, the company has also amassed over 17.5 billion records from the numerous stolen databases circulating on the internet, including in cybercriminal forums. As a public service, Atlas is now using its growing repository of stolen records to create a breach notification site, free of charge. DataBreach.com builds off Atlas's effort in August to host a site notifying users whether their Social Security number and other personal information were leaked in the National Public Data hack. Importantly, Atlas designed DataBreach.com to prevent it from storing or collecting any sensitive user information typed into the site. Instead, the site will fetch a hash from Atlas' servers, or a fingerprint of the user's personal information -- whether it be an email address, name, or SSN -- and compare it to whatever the user is searching for. "The comparison will be done locally," meaning it'll occur on the user's PC or phone, rather than Atlas's internet server, de Saint Meloir said.
Not a public service, this is a cash grab (Score:5, Insightful)
So you can look up all breaches from all people? (Score:2)
I know that these databases are out there for anyone to find on bittorrent, but it's pretty ludicrous that they just put that search for any email address out there without confirming that it's your address. This is way too easy to get that info.
Re: (Score:2)
I just checked my phone number.
It lists the breaches and the types of data, but I don't see the contents.
I suppose that the phone number is associated with linkedin and Facebook is something, but doesn't really seem like a privacy breach to me.
Re: (Score:2)
Can't you just search a phone number on linked in?
And if you're a malicious actor aren't you just going to search the databases that share the actual data?
Re: (Score:2)
What about if your email address is associated with something like Ashley Madison?
https://www.troyhunt.com/ashle... [troyhunt.com]
Re: (Score:1)
The article is a blatant shill, but... (Score:1)
Here me out for a moment -
Clearly the provinence behind HaveIBeenPwned is much better than this commercial shenanigan — However having some manner of redundancy for something as important as HaveIBeenPwned.com is useful. Presently HaveIBeenPwned's bus-factor is only 1 (IIRC) ( https://en.wikipedia.org/wiki/... [wikipedia.org] ).
Re: (Score:2)
Here me out for a moment -
I did, but from my perspective, it was; "There you out for a moment" /s
Re: (Score:1)
Eye sea watt ewe did their
One-stop shop (Score:2)
Aggregating this data provides a very convenient resource for hackers. I sure hope their security department is on the ball.