Skip to main content

Are your passwords available to hackers online? Search engine Indexeus can tell you

While the rest of the world is debating the rights and wrongs of the "right to be forgotten" in the European Union, one Portuguese entrepreneur with remarkably few scruples has been making a fast buck out of the idea. Indexeus (opens in new tab), designed by 23-year-old Jason Relinquo of Portugal, is a search engine that boasts a searchable database of "over 200 million entries available to our customers."

The site allows anyone to search through millions of records from some of the larger data breaches of late — including the recent massive breaches at Adobe (opens in new tab) and Yahoo! (opens in new tab) – listing huge amounts of information such as email addresses, usernames, passwords, Internet address, physical addresses, birthdays and other information that may be associated with those accounts.

Most of the information, however, comes from breaches and hacks of forums popular in the hacking community, meaning that this is one of the largest depositories of hackers' personal details ever made available.

The whole idea of Indexeus is that people who don't want their details to be searchable can pay a "donation" of $1 per detail to have the information removed, or "blacklisted".

As a disclaimer on the site originally explained, "The purpose of Indexeus is not to provide private informations about someone [sic], but to protect them by creating awareness. Therefore we are not responsible for any misuse or malicious use of our content and service."

While high levels of traffic seem to have downed the site, and only a CloudFlare Always Online snapshot is available, users are recommended not to make any payments to Relinquo when the site does come back online.

In fact, since being exposed on Brian Krebs' security blog (opens in new tab), Relinquo recenty modified his terms of service so that users don't have to pay to have their information removed from the site. However, it remains unclear how users would prove that they are the rightful owner of specific records indexed by the service.

"We're going through some reforms (free blacklisting, plus subscription based searches), due some legal complications that I don't want to escalate," Relinquo wrote in a chat session. "If [Indexeus users] want to keep the logs and pay for the blacklist, it's an option. We also state that in case of a minor, the removal is immediate."

Relinquo has suggested that the EU's right to be forgotten ruling, which has been causing so much consternation with Google (opens in new tab), is the source of the so-called "legal complications".

So maybe there's a bright side to the right to be forgotten ruling after all?

Paul Cooper
Paul Cooper

Paul has worked as an archivist, editor and journalist, and has a PhD in the cultural and literary significance of ruins. His writing has appeared in the New York Times, The BBC, The Atlantic, National Geographic, and Discover Magazine, and he was previously Staff Writer and Journalist at ITProPortal.