Compromised Accounts for OSINT and Digital Security

Posted on June 5th, 2017

I have always encouraged people to check their email addresses on sites such as HaveIBeenPwned. If present, your account is included in a known breach, and you should change your passwords immediately. This site has been the standard as far as reported breaches, and the owner stays on top of the latest threats. I recently found Hacked Emails, which offers a very similar service. However, there are two key advantages with this newer service.

First, Hacked Emails constantly scans paste sites and other release resources, and immediately updates its database. This may be redundant information, but the constant update could reveal a compromised account that may not be present on other similar sites. Overall, I now check both of these services monthly for any of my email addresses that may have been compromised.

Second, Hacked Emails offers an API service, with a call from a URL. This means that unlike HaveIBeenPwned, you could submit a search request directly through the address bar of your browser. If your email address is john@gmail.com, the following address would retrieve your results:

https://hacked-emails.com/api?q=john@gmail.com

The results may appear like awkward text, but the JSONViewer plugin to your browser would fix that. The main benefit of this type of search versus a standard search through their home page is that you could bookmark this page and always be a click away from the results. I have a handful of these bookmarked, one for each important email account, that I can quickly check for any new compromises. This is great for “Defense” when watching out for your personal accounts, but I also use this as “Offense”.

I often need to verify if an email address is real or fake. The various email verification services no longer work well on most domains, and are extremely unreliable under perfect conditions. Therefore, I use these services to check a target email address. If it appears in a breach, I feel confident it is a real address. If the breach was from 2015 or earlier, I know the account was not a “burner” created last week. Overall, I find these types of checks much more reliable than a traditional email validator. Below is an example of an actual email address search. It identifies the services used, which tells me more about the email address owner. Further, clicking on these links tells me the date of the breach and the types of information stolen and released publicly.

Filed under General, Hacking, OSINT, Search |

Search

Recent Posts