Data loss detection tool mines the ephemeral world of 'pastes'
- 16 September, 2014 12:05
A new feature in an online tool that searches for compromised data now indexes email addresses that appear on websites where users "paste" data, such as Pastebin.
It's not easy to figure out if your data has been collected by hackers, but an online tool has been expanded to hunt through one of the most prolific sources of leaked data, known as "pastes."
The most well-known paste website, Pastebin, has long been used as a public yet relatively anonymous way for attention seekers to showcase data they've collected through intrusions.
Sydney-based software architect Troy Hunt last year launched "Have I Been Pwned," (HIBP) a website where people could see if their usernames and email addresses had turned up in caches of data from massive breaches that affected companies such as Adobe Systems, Stratfor and Sony.
He's now added a capability to quickly input email addresses that pop up in pastes into his database, giving his subscribers quick alerts just minutes after their data is published.
"A lot of the big breaches we've seen have had partial dumps on Pastebin," Hunt said in a phone interview Tuesday.
The latest feature in Hunt's service uses a Twitter feed "@dumpmon," short for Dump Monitor, which is a project by Jordan Wright. Dump Monitor is a bot that monitors posts on Pastebin and other sites for email addresses, hashes and APIs that may indicate a data breach.
Dump Monitor then regularly tweets links to those pastes. Hunt uses Dump Monitor's feed, collecting the email addresses from the pastes and storing them in its breach database. That process of collecting the email address and putting them into HIBP's database takes a little over 30 seconds.
Users can sign up for alerts that are sent when their email address shows up in a paste. It means that within a few minutes, someone could know when their data appears on the Web, allowing them to take quick action, such as changing their password.
Pastes are notoriously ephemeral. Pastebin forbids the publishing of personal data in its terms and conditions, and pastes may be removed. HIBP pulls the email addresses from the pastes, but does not store the actual paste, according to a writeup on Hunt's blog.
The reason, Hunt said, is that many of the pastes contain sensitive information such as passwords, which he doesn't want to store for obvious reasons. That decision may make it harder for people to take action, but mitigates the risk that comes with storing large batches of live credentials, he said.
Best of all, Hunt's service is free unlike those offered by several companies that specialize in monitoring underground forums for stolen data. HIBP may not have the comprehensive scope of those services, but it does allow consumers to not have to rely on companies they've interacted with to notify them of a breach.