A partnership announced today merges LastPass’s credential management services with PwnedList’s credential monitoring services. The companies said “credential management and credential monitoring [are] natural complements” and that the move will bolster password security for LastPass end users.
PwnedList runs a database of some 23 million login credentials exposed in, or otherwise made public by, recent data breaches. Among Pwnedlist’s sources are the compromises of Gawker, Sony, Stratfor, Gamigo, Yahoo! and other hacks. LastPass provides password management services to individuals and enterprise clients.
The partnership will enable LastPass to cross-reference their users’ passwords and username or email address combinations against PwnedList’s database of compromised usernames, email addresses, and passwords. When a match is found between a their users’ credentials and information on the PwnedList database, LastPass will be able to send an email alert to the user in question, prompting that person to, hopefully, reset their password or passwords.
LastPass will check passwords against the PwnedList database every day. For enterprise customers, LastPass will contact administrators as well as employees when matches are found.
The partnership came about after LastPass became the first customer to sign on to PwnedList’s End User Protection Services. The service offers access to PwnedList’s compromised credential database in order to determine which of its users is at the highest risk of account takeovers and other online fraud.
PwnedList launched in November 2011 and its database has grown consistently. When Threatpost interviewed PwnedList’s co-founder Steve Thomas in March, the database contained 12 million credentials. The PwnedList database has doubled in the last six months.
