a prototype tool created by researchers from the University of California San Diego (UCSD) aims to bring greater transparency to such breaches. The system, called Tripwire, detects websites that were hacked, as is detailed in this study.
Here’s how it works: To detect breaches, the researchers created a bot that automatically registered accounts on thousands of websites. Each of those accounts shared a password with a unique associated email address. Working with a “major email provider,” the researchers were then notified if there was a successful login on any of the email accounts. Since the email accounts were created for the study, any login was assumed to be the result of a security breach on the website associated with that account.
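The detection logic described above, as an added illustration rather than the Tripwire code itself: one unique mailbox and password per monitored site, and any successful login on such a mailbox is attributed to that site. The provider's notification format, the canary.example domain and the sample log lines are assumptions constructed for the example.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

CANARY_DOMAIN = "canary.example"  # assumed mailbox domain (constructed)


@dataclass
class CanaryRegistry:
    """Maps each honey mailbox to the one site it was registered on."""
    by_email: Dict[str, str] = field(default_factory=dict)

    def enroll(self, site: str) -> Tuple[str, str]:
        """Mint a unique mailbox and a password used nowhere else."""
        email = f"{secrets.token_hex(6)}@{CANARY_DOMAIN}"
        password = secrets.token_urlsafe(16)
        self.by_email[email] = site
        return email, password


def parse_login_line(line: str) -> Optional[Tuple[str, str, str]]:
    """Parse an assumed provider notification line of the form
    '<timestamp> LOGIN_OK user=<email> src=<ip>'; anything else
    (failed logins, malformed lines) yields None."""
    parts = line.split()
    if len(parts) != 4 or parts[1] != "LOGIN_OK":
        return None
    fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    if "user" not in fields or "src" not in fields:
        return None
    return parts[0], fields["user"].lower(), fields["src"]


def detect_breaches(reg: CanaryRegistry, lines: List[str]) -> Dict[str, List[Tuple[str, str]]]:
    """Attribute every successful canary login to its site. Logins to
    mailboxes we did not mint are ignored, so each entry in the result
    is positive evidence that the named site's credentials leaked."""
    hits: Dict[str, List[Tuple[str, str]]] = {}
    for line in lines:
        parsed = parse_login_line(line)
        if parsed is None:
            continue
        ts, email, ip = parsed
        site = reg.by_email.get(email)
        if site is None:
            continue  # not one of ours: no claim can be made
        hits.setdefault(site, []).append((ts, ip))
    return hits
```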
“While Tripwire can’t catch every data breach, it essentially has no false positives—everything it detects definitely corresponds to a data breach,” Joe DeBlasio, a Ph.D. student at the Jacobs School of Engineering at UCSD and an author on the research paper, told Gizmodo. “Tripwire triggering means that an attacker had access to data that wasn’t shared publicly.”
As part of the study, the researchers monitored over 2,300 sites from January 2015 through February of this year, and found that 19 of the sites (or one percent) had been compromised. The study notes that the system found “both plaintext and hashed-password breaches”—if your password is hashed, it is not directly readable by a hacker. Arguably the most damning finding of the study was that, at the time it was published, all but one of the compromised websites had failed to notify their users that they had suffered a breach. Only one site told the researchers it would force a password reset.