BY NOW IT’S hard to keep track of which companies have been hacked and which haven’t. Remember the FourSquare hack? What about Adobe? Even breaches that were high-profile at the time are fading into obscurity as bigger and scarier ones crop up. (Ahem, Yahoo.) And if you can’t remember what’s been hacked, you’re probably struggling to keep track of which leaks have included your personal data. That’s where “the Google of data breaches” comes in.
LeakedSource is a service that sends email notifications about new breaches and offers a database of information stolen in hacks. Its basic services—the ability to sign up for email notifications and search the database—are free, but users can pay to access more advanced search functionality. LeakedSource also provides a paid tool for businesses, so that they can notify users who have been affected by a breach. The project started in late 2015, and with just days to go in 2016, the group that runs LeakedSource is planning to release roughly 100 million more records from a “Chinese mega site” that hasn’t yet announced the hack, according to a LeakedSource representative. That will bring LeakedSource’s total for the year to a whopping three billion. It plans to publish 105 million more in early 2017, a combined total from 20-30 hacked sites.
Its mission is as much to tell users that their information is at risk as it is to pressure companies to disclose when they’ve been compromised—something that often happens far too slowly, if at all. Logging the data in breaches also allows users (individuals or large entities) to keep track of which of their accounts have been compromised and which pieces of their data are permanently out in the open. At the very least, it helps you keep track of which passwords you have to change. But it also allows people to see whether data points like their phone numbers are bouncing around in the wild connected to their name. You give so much information to the services you interact with, sometimes without even really consciously registering what you’re putting out there. It’s necessary to take back whatever control you can.
“It can admittedly get tiring to be ignored by breached companies 95 percent of the time and staring at database after database,” says a LeakedSource spokesperson. “We originally started this because people were asking where they could see if they are affected by XYZ breach, but they had no good answer since companies just don’t tell users about hacks.”
A small group of anonymous international members operates LeakedSource from an undisclosed location—the group says that “if nobody knows who we are or where our site is located, bad people can’t attack us.” Contributors use their varied skills to help run the site, administer the database, and analyze data. A spokesperson for LeakedSource said in a separate interview that some group members “have other sources of income and others are still in school.”
Some of the site’s biggest troves this year include over 360 million aging Myspace accounts, and more than 339 million users affected in the Adult Friend Finder hack. It’s like a more comprehensive, and more secretive, version of researcher Troy Hunt’s Have I Been Pwned, which has collected just under two billion records since 2013.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.