Categories: Security

Researcher Develops Tool To See If Password Has Been Reused

A security researcher has published a command-line tool that checks whether a password has been reused across a number of sites, in the wake of several large data breaches involving popular social media services.

The breaches, which exposed the passwords of more than 640 million accounts, led to a number of high-profile hacks, including one involving Facebook chief executive Mark Zuckerberg.


The tool, called Shard, is intended to help users ensure the password they use will not leave them exposed to attackers, said its developer Philip O’Keefe, an IT security researcher at Netsuite.

However, it could also be misused to automate the process of exploiting leaked passwords to hack accounts on sites where the same password was reused, industry observers said.

Shard checks passwords on Facebook, LinkedIn, Reddit, Twitter and Instagram, but it is easy to add more sites, O’Keefe said.

He said the tool found that a randomly generated password he had used on several websites was one of the 177 million LinkedIn passwords published online in May, leading him to begin using a password manager.

He said it would be difficult for sites to block traffic from the tool, since it is designed to imitate ordinary user behaviour.

Security experts recommend the use of a password manager, making it possible to use different complex passwords across multiple services, in order to guard against increasingly frequent password attacks.

Attack automation

Two-factor authentication can also be used with most online services, making them less vulnerable to a hack that only involves a password.

It is likely that hackers already use automated password tools similar to Shard, but the new tool is particularly easy to use, a factor that has increased the danger of hacking in other areas.

Exploit kits, for instance, which automate the deployment of a number of different security vulnerabilities, have recently facilitated attacks on Android and Microsoft Windows’ advanced defences.

A recent study by IBM and KPMG concluded that businesses are in the midst of an “arms race” with increasingly sophisticated computer criminals who are often well-organised in groups that resemble corporations.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

TikTok ‘Halts E-Commerce Expansion Plans’

TikTok reportedly scraps plans to expand TikTok Shop livestream commerce in Europe and US after…

3 hours ago

European Parliament Passes Landmark Tech Regulations

European Parliament votes to adopt Digital Markets Act and Digital Services Act, but campaigners warn…

3 hours ago

Indian Economic Police Raid Offices Of Smartphone Maker Vivo

Indian economic crime agency Enforcement Directorate raids dozens of locations across India belonging to China's…

5 hours ago

French Music Service Deezer Slumps On Market Debut

Spotify and Apple Music competitor Deezer falls below opening price after long-delayed IPO in Paris…

6 hours ago

Foxconn Expects Stronger Sales In Spite Of Economic Gloom

iPhone manufacturer Foxconn revises full-year expectations upward amidst strong consumer and data centre demand, bucking…

7 hours ago

Samsung ‘To See Profits Jump’ On Data Centre Demand

Industry analysts expect Samsung's profits to jump 15 percent for the second quarter as strong…

8 hours ago