A week ago, a large dataset (~1000 GB) of 2.2 billion e-mail addresses and passwords was released to the public. The dataset was released in five parts and is a collection of older leaks and smaller database dumps from unknown sources. The identity leak checker of the Hasso Plattner Institute can be used to verify whether your credentials are affected. After you submit your e-mail address, you will receive a message in your mailbox with detailed information about which hack, in what time frame, and which details of your identity were potentially released to the public.
In case you want to test if a specific password was released to the public, you can use the following steps on Windows:
1. Install Perl from ActiveState
2. Download hibp.pl from the HPBPPasswort package
3. Save the content of the file to your disk, for example as C:\Perl64\scripts\hibp.pl
4. Start a fresh command line by executing cmd.exe
5. Launch hibp.pl by executing “perl c:\Perl64\scripts\hibp.pl”
C:\> perl C:\Perl64\scripts\hibp.pl
Password to check:
– In case you see “Found: <HASH>” in the output then your password is well known to the public.
– In case the line containing “Found: <HASH>” is missing, then your password is probably not known to the public.
Hint: If you would like to see the password as you type it, comment out line 21 of hibp.pl by putting a hash sign (#) in front of the line.
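Before typing a real password into any checker, it helps to know what actually leaves your machine. The following Python sketch is an added example, not the code of hibp.pl. It assumes, from the script's name only, that the lookup goes against the Have I Been Pwned "Pwned Passwords" range API, where only the first five hex characters of the SHA-1 hash are sent. The sample response and all function names are constructed for illustration.

```python
import getpass
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # public Pwned Passwords range endpoint

# Constructed sample of a range response for prefix 5BAA6 (lines are SUFFIX:COUNT).
# Counts and filler suffixes are made up; the second suffix belongs to SHA-1("password").
SAMPLE_RANGE_5BAA6 = (
    "003D68EB55068C33ACE09247EE4C639306B:3\r\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:42\r\n"
    "FFB8B2A1D0E3C4F5A6B7C8D9E0F1A2B3C4D:1\r\n"
)

def split_hash(password):
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest: 5 + 35 characters."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def fetch_range(prefix):
    """Download all known suffixes for a prefix; only these 5 characters leave the machine."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "range-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii")

def breach_count(password, range_body=None):
    """Return how often the password appears in the corpus, 0 if it is absent.

    range_body lets the caller pass a saved response so the check runs offline.
    """
    prefix, suffix = split_hash(password)
    body = fetch_range(prefix) if range_body is None else range_body
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:  # comparison happens locally
            return int(count)
    return 0

if __name__ == "__main__":
    pw = getpass.getpass("Password to check: ")  # input is not echoed
    n = breach_count(pw)
    print("Seen %d times in known leaks" % n if n else "Not present in the corpus")
```

The password and its full hash are never transmitted; the match against the returned suffixes is done on your own machine.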