There have been numerous stories over the last few days about the alleged theft of 2 million passwords and credentials.   Trustwave, an IT security provider, discovered this huge breach that affected consumers in 100 nations and wrote about it in a December 4th blog (blog.spider labs.com).

Trustwave notified the affected companies — Facebook, LinkedIn, Twitter, Google and Yahoo!.  In his story about the breach, Eric Chabrow wrote that Facebook, LinkedIn, and Twitter notified any affected customers and have already reset their passwords. He said there was no comment from Google and Yahoo! (www.bankinfosecurity.com; “2 Million Passwords Reportedly Stolen”).

But what can consumers do if they want to pro-actively see if their passwords have been hacked? I found an excellent solution in a timely article Larry Seltzer did for Zero Day (www.zdnet.com; “How to find out if your password has been stolen”; December 6).  Mr. Seltzer wrote that there are many public databases that provide information about breached accounts but there hasn’t been a way for consumers to search across all of them.  He found two sites that let consumers do just that.

One of the sites he mentions was created by Troy Hunt and is called “Have I been pwned?” (haveibeenpwned.com).  Mr. Hunt’s site consolidates databases from five major breaches for a single search.  The breaches are for the hacks done of Adobe, Statfor, Gawker, Yahoo! and Sony.  Mr. Seltzer also mentions the “Should I Change My Password?” site which appears to be the front-end for pay services.

I wanted to see how Mr. Hunt’s site worked.  As Mr. Seltzer wrote, I just entered my email address and, happily, I quickly got back a green box with the message “Good news –no pwnage found!”  A red box would have appeared if one of my passwords had been hacked and telling me for which account.  Having that precise  information would mean, as Mr. Seltzer noted, that I would only have to change the password for that particular account.

Mr. Seltzer concludes that “…the only good strategy is to have strong and separate passwords for all services you use.”  It’s excellent advice but it’s also very helpful for consumers to know about the sites in his article.