The website Have I Been Pwned is known for analyzing and storing database dumps and leaked account details. A user can simply visit the site to know if their account has been compromised in the recent past. The good part is that the service is completely free.
Much to the concern of many users, a fake website similar to HIBP has popped up on the internet. The site claims to contain a database of over 1.4 billion compromised user accounts and associated passwords.
However, some of the passwords in the database could be a few years old. According to the journalist Daniel Verlaan, who reported the copycat, the database is the same as of the password search engine Gotcha.
TNW has confirmed that the database contains legitimate passwords. However, the site doesn’t have plaintext passwords for all the compromised accounts in the database.
Just like HIBP, the fake website also allowed users check their details via a search engine. Here is the creepy part, it also displayed passwords in plaintext. That means one can search the same for other people as well. The fake site then asks for a $10 in crypto coins as a donation to remove the passwords from the site.
However, there may be nothing to panic as the site is not getting the visitors it wants. And there aren’t any cases reported about successful cryptocurrency transactions to the site. The best you can do is change your passwords if you’re skeptical.
As per the latest update from Verlaan, the search engine on the site has stopped working. Now, it asks users to wait for sometime while it runs crypto miners in the background.
Source: Daniel Verlaan via TNW
