Julian from aTechDad made a scraper to alert victims of large hacks.

The Internet’s Dad Emailed 97,931 People to Let Them Know Their Passwords Were Compromised

The Internet’s Dad Emailed 97,931 People to Let Them Know Their Passwords Were Compromised

Future Tense
The Citizen's Guide to the Future
June 26 2015 2:36 PM

The Internet’s Dad Emailed 97,931 People to Let Them Know Their Passwords Were Compromised

Hkg9235491
Is Digital Dad the next superhero?

Photo by Hoang Dinh Nam/AFP/Getty Images

Every time there's a major corporate or government hack and email address/password combinations pour onto the black market, you have to wonder whether your credentials are among them. But most of us don't take any action to check. If only we had a digital dad watching our backs and trying to help us stay safe.

“Julian,” the blogger behind ATechDad, is experimenting with a way to do just that. Over three days, he collected (formerly personal) user data that had leaked in large-scale breaches and was posted to sites like PasteBin that host plain text uploaded anonymously. To do it, he made Canary, a tool that scrapes sites like PasteBin, meaning it automatically culls select data from Web pages and then sends a pre-written email alerting people that their credentials are exposed on the Internet.

Advertisement

As Julian notes in a blog post, similar scraping services already exist, but they have two problems. "1. Most users have no idea these services exist. 2. Many users are wary of sending the information they care most about to another online service." So Julian figured that the credentials could speak for themselves: If they're on PasteBin, the owner should probably get notified.

On May 19 he used Canary to send 97,931 emails warning people that their cybersecurity was at risk. Motherboard rightly points out that lots of people would probably ignore such an email because it might look like a phishing scam. But Julian reports that some people actually responded. He got nine thank yous.

The project might feel a little paternalistic and even invasive, but Julian really seems to be doing a dadlike good deed. Since he sent the first round of warnings, he's collected a total of 300,000 login credentials and is contemplating another email blast.

"I received no donations. This was not unexpected—but since the campaign didn’t cost me much, it’s also absolutely fine," he wrote. "Overall I consider this experiment a success. I hope that many people were helped and did not reply instead of ignoring or losing the email to spam filters." <3 dad

Future Tense is a partnership of SlateNew America, and Arizona State University.