The Personal Information Protection Commission expanded and revamped its "Find my leaked information" service and newly introduced an email address lookup feature in response to a rise in account information leaks via the dark web and other channels and growing credential stuffing attacks.
The Personal Information Protection Commission said on the 30th that it revamped the "Find my leaked information" service and began full operations as of the day before. Credential stuffing is a hacking method that attempts logins by repeatedly entering leaked IDs and passwords on other sites, and recent damage has surged.
The Find my leaked information service lets users enter the ID and password combination they use to check whether the information is being illegally distributed on the dark web and elsewhere. If a leak is confirmed, changing the password or setting up two-step verification can reduce the risk of account takeover.
With this revamp, users can now check for leaks using only an email address in addition to the existing ID and password lookup. The step reflects the growing number of services that use an email as an ID.
At the same time, a cross-lookup method for account information was introduced, and the number of daily uses was expanded from one to three, improving functionality and convenience. The Board of Audit and Inspection also recently noted in an audit the need to improve the quality of the service.
The Personal Information Protection Commission is currently conducting a survey on the service website asking about user experience and satisfaction, and plans to reflect the results in future service improvements.