Shared User Checker
By Robert Hansen
Preface: We no longer live in veiled gardens. Users tend to use many sites, and tend to have similar passwords across those sites. When a successful attack occurs that victim site becomes the least common denominator. All sites that share those users are now potential targets. A compromised user often represents a compromised user on more than one platform. During the latest Gawker hack, an estimated 1.3 million users were compromised. That includes users including government officials, to the lowest private citizen and thousands of people in between.
Overview: As private citizens, it is our duty to help protect our users and their accounts just as much as it is their duty to protect ours. During the latest Gawker compromise, SecTheory took it upon itself to begin to parse apart the file and begin to contact companies that it has had private relationships with who were compromised. This included many extremely large companies, with international presences. The amount of compromise was significant.
After talking with Joost de Valk, SecTheory developed a small API to allow users to identify if their accounts have been compromised. The API takes in the user's email address and returns a binary flag (1 for compromised and 0 for uncompromised). Below is a slightly modified version of the same API:
Joost de Valk then took the SecTheory API and extended it to be used within WordPress by way of a plugin called Shared User Checker. Now WordPress administrators can identify which of their users may have been compromised. By identifying those users not only are those administrators making their own users more secure, but they are alerting those users to the potential harm their passwords may cause them on other websites. These users did nothing wrong, and shouldn't be punished, but because they often use the same passwords it is important that they be alerted to the very real threat.
Thanks: Special thanks to Joost de Valk and to James Flom for their help.