funsec mailing list archives

Quick way to find out if your account has been hacked?


From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade () shaw ca>
Date: Fri, 13 Jul 2012 11:23:58 -0700

In the wake of the recent account "hacks," and fueled by the Yahoo (and, this 
morning, Android) breaches, an outfit called Avalanche (which seems to have ties 
to, or be the parent company of, the AVG antivirus) has launched 
https://shouldichangemypassword.com/

They are getting lots of press.

"If you don’t know, a website called ShouldIChangeMyPassword.com will
tell you. Just enter your email—they won’t store your address unless
you ask them to—and click the button that says, “Check it.” If your
email has been associated with any of a large and ever-growing list
of known password breaches, including the latest Yahoo hack, the
site will let you know, and advise you to change it right away."

http://www.slate.com/blogs/future_tense/2012/07/12/yahoo_hacked_how_to_find_out_if_your_email_and_password_have_been_stolen.html

Well, I tried it out, with an account that gets lots of spam anyway.  Lo and behold, 
that account was hacked!  Well, maybe.

(I should point out that, possibly given the popularity of the site, it is pig slow at 
the moment.)

The address I used is one I tend to give to sites, like recruiters and "register to get 
our free [fillintheblank]" outfits, that demand one.  It is for a local community 
site that used to be a "Free-net."  I use a standard, low value password for 
registering on remote sites since I probably won't be revisiting that site.  So I 
wasn't completely surprised to see the address had been hacked.  I do get email 
through it, but, as noted, I also get (and analyse) a lot of spam.

When you get the notification, it tells you almost nothing.  Only that your 
account has been hacked, and when.  However, you can find a list of breaches, if 
you dig around on the site.  This list has dates.  The only breach that corresponded 
to the date I was given was the Strategic Forecasting breach.

I have, in the past, subscribed to Strategic Forecasting.  But only on the free list.  
(Nothing on the free list ever convinced me that the paid version was worth it.)  
So, my email address was listed in the Strategic Forecasting list.  But only my 
email address.  It never had a password or credit card number associated with it.

It may be worth it as a quick check.  However, there are obviously going to be so 
many false positives (like mine) and false negatives (LinkedIn isn't in the list) that 
it is hard to say what the value is.

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
On the side of the software box, in the System Requirements part,
it said Requires Windows 95 or better. So I installed Linux
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.