
Hacked: Identity leak after release of Unknown Collection #1 – #5

A week ago, a large dataset (~1000 GB) of 2.2 billion e-mail addresses and passwords was released to the public. The dataset was released in five parts and is a collection of older leaks and smaller database dumps from unknown sources. The identity leak checker of the Hasso Plattner Institute can be used to verify whether your credentials are affected. After you have submitted your e-mail address, you will receive a message in your mailbox with detailed information about which hack, which time frame and which details of your identity were potentially released to the public.

In case you want to test if a specific password was released to the public, you can use the following steps on Windows:

1. Install Perl from Active State
2. Download hibp.pl of the HPBPPasswort package
3. Save the content of the file to your disk, for example in C:\Perl64\scripts\hibp.pl
4. Start a fresh command line by executing cmd.exe
5. Launch hibp.pl by executing “perl c:\Perl64\scripts\hibp.pl”

Example:
C:\> perl C:\Perl64\scripts\hibp.pl
Password to check:
SHA-1: 10ff8696061e3e3bcf618506714d5dd19ed25d68
Found: 696061E3E3BCF618506714D5DD19ED25D68:24

Outputs:
– In case you see “Found: <HASH>” in the output then your password is well known to the public.
– In case the line containing “Found: <HASH>” is missing, then your password is probably not known to the public.

Hint: If you would like to see the password as you type it, comment out line 21 of hibp.pl by putting a hash sign (#) in front of the line.
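
The check behind the “Found:” line, as an added Python example (not hibp.pl's own code and not from the original post): the SHA-1 is split after its first five hex characters, only that prefix goes to the service, and the returned “SUFFIX:COUNT” lines are compared locally. The function names and the sample response are constructed for illustration; only the hash and its matching line come from the example output above.

```python
import hashlib

PREFIX_LEN = 5  # hex characters of the SHA-1 that leave the machine


def split_hash(password: str) -> tuple[str, str]:
    """Return (prefix, suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def parse_range(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a dict, skipping malformed lines."""
    table = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 40 - PREFIX_LEN and count.isdigit():
            table[suffix.upper()] = int(count)
    return table


def times_seen(sha1_hex: str, body: str) -> int:
    """How often the full hash is listed in the response (0 = not listed)."""
    sha1_hex = sha1_hex.strip().upper()
    if len(sha1_hex) != 40 or any(c not in "0123456789ABCDEF" for c in sha1_hex):
        raise ValueError("expected a 40-character SHA-1 hex digest")
    return parse_range(body).get(sha1_hex[PREFIX_LEN:], 0)


# Constructed response for prefix 10FF8. The second line is the suffix from
# the example output above; the other two lines are made up.
SAMPLE_BODY = (
    "0018A45C4D1DEF81644B54AB7F969B88D65:3\r\n"
    "696061E3E3BCF618506714D5DD19ED25D68:24\r\n"
    "FFB1A5C4D1DEF81644B54AB7F969B88D650:1\r\n"
)

if __name__ == "__main__":
    page_hash = "10ff8696061e3e3bcf618506714d5dd19ed25d68"
    print("sent to service:", page_hash[:PREFIX_LEN].upper())
    print("times seen:", times_seen(page_hash, SAMPLE_BODY))
```

The number after the colon is how many times that hash appears in the service's data, so the “:24” in the example output means the password was seen 24 times.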

2 thoughts on “Hacked: Identity leak after release of Unknown Collection #1 – #5”

    • Hi

      I was waiting for a comment like this.

      1. Nobody wants your email address
      2. The HASH comparison service is not from me, it’s from a widely trusted technician at pwnedpasswords.com.
      3. Your password is not submitted completely, only the first 5 characters will be transmitted, see the source:
      –snip–
      last unless $pw =~ /\S/;
      $sha = sha1_hex($pw);
      $first = substr($sha, 0, 5);
      $rest = substr($sha, 5);
      –snip–

      Cheers!
