Saturday, 19 March 2016

Code to check if your email addresses were compromised

Yesterday, the Swiss Governmental CERT published a press release stating that more than 6000 email accounts were compromised. They offer a tool to check if your address is compromised, which is, in my opinion, very well designed. (Some people asked why the site is hosted at Cloudflare; the CERT claims they did that for DDoS prevention. The database supposedly is based in Switzerland.)

To check whether an email address is contained in the database, the site creates a SHA-256 hash of the lowercase email address and transfers this. This ensures that no real email addresses are transferred. The downside is that this way, it is not so simple to check a lot of email addresses (like all of your company).

Below, I provide a simple PowerShell script to check a list of email addresses. As input, it requires a simple CSV of the format

    Email
    me@email.com

I throttled the script quite a bit to be nice.
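An added example, not the author's original script: a PowerShell script that reads the CSV described above, hashes each lowercased address with SHA-256 and, if given a lookup URL, queries it with a delay between requests. The `-LookupUrlPrefix` parameter, the UTF-8/hex encoding and the built-in sample rows are assumptions, since the post does not give the check tool's URL or request format.

```powershell
param(
    [string]$CsvPath = '',          # CSV with an "Email" header; empty = built-in sample
    # Assumption: the post does not give the check tool's URL or request format.
    # Empty = only compute hashes; otherwise the hash is appended to this prefix.
    [string]$LookupUrlPrefix = '',
    [int]$DelaySeconds = 5          # throttle between lookups
)

function Get-EmailSha256 {
    param([Parameter(Mandatory)][string]$Email)
    # Lowercase as the post describes; trimming stray whitespace is an added safeguard.
    $normalised = $Email.Trim().ToLowerInvariant()
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        # Assumption: UTF-8 input bytes and lowercase hex output.
        $digest = $sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($normalised))
    } finally {
        $sha.Dispose()
    }
    return -join ($digest | ForEach-Object { $_.ToString('x2') })
}

$rows = if ($CsvPath) {
    Import-Csv -Path $CsvPath
} else {
    # Constructed sample rows in the CSV format the post describes.
    'Email', 'me@email.com', ' Someone@Example.ORG ' | ConvertFrom-Csv
}

$results = foreach ($row in $rows) {
    if ([string]::IsNullOrWhiteSpace($row.Email)) { continue }   # skip empty lines
    $hash = Get-EmailSha256 -Email $row.Email
    $response = $null
    if ($LookupUrlPrefix) {
        try {
            # Only the hash leaves the machine, never the address itself.
            $response = (Invoke-WebRequest -Uri ($LookupUrlPrefix + $hash) -UseBasicParsing).Content
        } catch {
            $response = "request failed: $($_.Exception.Message)"
        }
        Start-Sleep -Seconds $DelaySeconds
    }
    [pscustomobject]@{ Email = $row.Email; Sha256 = $hash; Response = $response }
}

$results | Format-Table -AutoSize
```

Run without `-LookupUrlPrefix`, it only prints each address next to its hash, which is enough to confirm the normalisation before any request is sent.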

What to do if an address of yours was compromised?

This could mean two things: either the actual email account is compromised (really bad) or some web account where this email address was used is compromised (how bad depends on whether the service is critical AND whether the same password was used elsewhere). I recommend the following:


  • Immediately change the password of said email account
  • Change the password of all accounts where the Email address is used as a password
To do this properly, you need a list of your accounts and their passwords, not on paper, but in a password safe like KeePass. A password safe also includes a strong password generator. Each account must have its own password!
