News: 0175422413

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

DataBreach.com Emerges As Alternative To HaveIBeenPwned (pcmag.com)

(Thursday November 07, 2024 @11:52AM (BeauHD) from the more-the-merrier dept.)


An anonymous reader quotes a report from PCMag:

> [1]Have I Been Pwned has long been one of the most useful ways to learn if your personal information was exposed in a hack. But a new site offers its own powerful tool to help you check if your data has been leaked to cybercriminals. [2]DataBreach.com is the work of a New Jersey company called Atlas Privacy, which helps consumers remove their personal information from data brokers and people search websites. On Wednesday, the company told us it had [3]launched DataBreach.com as an alternative to Have I Been Pwned , which is mainly searchable via the user's email address. DataBreach.com is designed to do that and more. In addition to your email address, the site features an advanced search function to see whether your full name, physical address, phone number, Social Security number, IP address, or username are in Atlas Privacy's extensive library of recorded breaches. More categories will also be added over time.

>

> Atlas Privacy has been offering its paid services to customers, such as police officers and celebrities, to protect bad actors from learning their addresses or phone numbers. In doing so, the company has also amassed over 17.5 billion records from the numerous stolen databases circulating on the internet, including in cybercriminal forums. As a public service, Atlas is now using its growing repository of stolen records to create a breach notification site, free of charge. DataBreach.com builds off Atlas's effort in August to host a site notifying users whether their Social Security number and other personal information were leaked in the National Public Data hack. Importantly, Atlas designed DataBreach.com to prevent it from storing or collecting any sensitive user information typed into the site. Instead, the site will fetch a hash from Atlas' servers, or a fingerprint of the user's personal information -- whether it be an email address, name, or SSN -- and compare it to whatever the user is searching for. "The comparison will be done locally," meaning it'll occur on the user's PC or phone, rather than Atlas's internet server, de Saint Meloir said.



[1] https://haveibeenpwned.com/

[2] http://databreach.com/

[3] https://www.pcmag.com/news/databreachcom-emerges-as-alternative-to-haveibeenpwned


Not a public service, this is a cash grab (Score:5, Insightful)

by sinkskinkshrieks ( 6952954 )

PC Mag paid content blogging can take a hike.

So you can look up all breaches from all people? (Score:2)

by Njovich ( 553857 )

I know that these databases are out there for anyone to find on bittorrent, but it's pretty ludicrous that they just put that search for any email address out there without confirming that it's your address. This is way too easy to get that info.

Re: (Score:2)

by AvitarX ( 172628 )

I just checked my phone number.

It lists the breaches and the types of data, but I don't see the contents.

I suppose that the phone number is associated with linkedin and Facebook is something, but doesn't really seem like a privacy breach to me.

Re: (Score:2)

by AvitarX ( 172628 )

Can't you just search a phone number on linked in?

And if you're a malicious actor aren't you just going to search the databases that share the actual data?

Re: (Score:2)

by SilentChasm ( 998689 )

What about if your email address is associated with something like Ashley Madison?

[1]https://www.troyhunt.com/ashle... [troyhunt.com]

[1] https://www.troyhunt.com/ashley-madison-data-breach-q/

Re: (Score:1)

by Anonymous Coward

That's like saying it's ludicrous that google lets you search for a name without confirming you're that person. Or that it's ludicrous a phone book lets you look up phone numbers and physical addresses without confirming they belong to you. Or actually this isn't even as bad as those because these databases don't actually give you the compromised info, they just let you know it's out there. A malicious person can just open the leaked data and Ctrl+F your email address, these databases don't make anything ea

The article is a blatant shill, but... (Score:2)

by Asteconn ( 2468672 )

Here me out for a moment -

Clearly the provinence behind HaveIBeenPwned is much better than this commercial shenanigan — However having some manner of redundancy for something as important as HaveIBeenPwned.com is useful. Presently HaveIBeenPwned's bus-factor is only 1 (IIRC) ( [1]https://en.wikipedia.org/wiki/... [wikipedia.org] ).

[1] https://en.wikipedia.org/wiki/Bus_factor

Re: (Score:2)

by ls671 ( 1122017 )

> Here me out for a moment -

I did, but from my perspective, it was; "There you out for a moment" /s

Re: (Score:1)

by Asteconn ( 2468672 )

Eye sea watt ewe did their

One-stop shop (Score:2)

by marcle ( 1575627 )

Aggregating this data provides a very convenient resource for hackers. I sure hope their security department is on the ball.

Re: (Score:2)

by bleedingobvious ( 6265230 )

Are you new to this?

It sounds like you're new to this. And hilariously ignorant.

Next up, explain how social media should do age verification. It's my favorite!

give us your data (Score:2)

by awwshit ( 6214476 )

Its not a honeypot, pinky swear. Just go ahead and start entering your personal information, no worries. Better check if your password has been cracked, enter it here.

The universe is all a spin-off of the Big Bang.