We’re excited and proud to unveil a fully redesigned website, along with a brand new name! As of today, Should I Change My Password is called BreachAlarm.

We’re very proud of the service we provide you, and we thought it was high time we delivered a site design that reflected the quality of that service. We hope you agree the new BreachAlarm website not only looks great, but is much easier to navigate and use.

Read More

Beginning on May 26th, a number of Apple device owners with Apple ID accounts registered in Australia or New Zealand have had their devices locked remotely. Affected devices display a message claiming they have been hacked by ‘Oleg Pliss’, and demanding money be transferred into an account for the device to be unlocked.

Updated 10 June 2014: The two hackers responsible for these attacks have now been arrested in Russia. Initial news reports indicate that the hackers obtained account credentials using phishing sites (fake Apple login pages) and social engineering (tricking users into disclosing their login credentials), rather than from a password breach on a third-party site, as previously suspected.

Apple claims its systems have not been compromised, and as of this writing, the source of the breach remains a mystery. Users targeted by the attack have used a thread on Apple’s community support forum to exchange information in an attempt to isolate the source of the issue.

Read More

eBay yesterday posted a notice on its corporate website (where almost no one will see it), to advise that its user database was stolen by hackers in February or March of this year.

Update (27 May 2014): eBay has begun to send emails notifying its users of the incident. The notification downplays the seriousness of the loss of persionally identifiable information, but it does a decent job of warning users of the risk to their password security.

This database contained usernames, encrypted passwords, email addresses, physical addresses, phone numbers, and dates of birth. eBay has not specified the form of encryption it used for the passwords, so it is impossible to know how resistant these passwords will be to decryption; however, it is safe to say (as in most cases with encrypted passwords) that weak passwords will be easily decrypted by hackers.

Read More

A serious flaw was found in OpenSSL, a software program vital to the security of half a million websites, including Should I Change My Password.

Read More

In early October, Adobe announced that 2.9 million customers were impacted as a result of a data breach. The attack was allegedly carried out mid-August. A few weeks later it surfaced that the number of effected customers was over 40 times the original amount with 152 million email address and passwords published online. To our knowledge, this makes it the largest publicly known password database compromise in history. We have received and reviewed the file.

Read More