How to Check If You Were Exposed by Today's 5 Million Password Leak
The one silver lining to this incident: It looks like these emails weren't from a new hack, they were compiled from a bunch of old thefts.
Today, almost five million email addresses and passwords were posted on Bitcoin Security, a Russian forum. The forum member who posted the various Gmail and Yandex accounts, "tvskit," claims that 60 percent of the passwords are valid. However, some of them are outdated—the password shown for my personal email address was changed months ago and Business Insider notes that some were as outdated as ten years.
Though the forum manager has already removed the file containing exactly 4,930,000 emails and passwords, it has led to somewhat of a digital panic as people work to learn if they have been affected. Someone has created the website "isleaked.com" (isleaked.com/en.php for the English version) for users to match their email address against the list to see if they were affected:
The one silver lining to this incident: It looks like these emails weren't from a new hack, instead, they were compiled from a bunch of old thefts.
Update 3:20 p.m.: If you are having trouble opening isleaked.com, we would recommend refreshing the page. They're being overwhelmed with traffic right now. After a few refreshes, we were able to open and use the site in the Google Chrome browser.
If you are wary of giving your email address, you can replace up to three characters with *** for additional anonymity (though that will show you all the email addresses which match.)
Update: 7:35 p.m.: There has been speculation about the integrity of Isleaked, as the domain was registered on September 8th, before American publications widely reported the leak (Russian publications reported the leak on the 8th, and Habrahabr broke the story on the 7th, Habrahabr is a popular Russian IT blog.) The Wire reached out to Isleaked administrators, who offered this statement:
7th september was a day of yandex's mails leakage (http://habrahabr.ru/post/2362
83/ in russian).
First, we made our service specially for yandex. Then was another big leak of mail.ru (http://habrahabr.ru/post/2360
Yandex and mail.ru are biggest email providers in Russia. So we added leaked mail.ru addresses.
Finally there was a gmail leak (http://habrahabr.ru/post/2362
Since gmail is worldwide mail provider, we decided to translate our service to english.
As an alternative, you can use http://securityalert.knowem.com:
Or you can use https://haveibeenpwned.com: