What is the easiest way to search massive, leaked databases for persons and personal information?
Here is what I do...
I assume my data is out there... I don't bother looking for it. Somebody will run across my SSN eventually and it will get scraped up into a database and sold around the world.
As far as I'm concerned, searching for my data has little value and certainly won't put the horse back into the barn. In fact, even searching for my SSN or credit card numbers could expose them.
I live in the US and have placed a credit freeze on our 6 credit reports (3 for me and 3 for my wife). This is done at the websites of the big 3 credit bureaus.
When I need a new line of credit (loan, card, etc), I temporarily thaw the reports and they automatically re-freeze after a week or so (Just did this in order to refinance my home). This freezing and thawing process takes about 15 minutes online and has never cost me a cent.
http://www.clarkhoward.com/news/clark-howard/personal-finance-credit/credit-freeze-and-thaw-guide/nFbL/
Unfortunately, I don't think that this kind of research is going to do you much good. Unless you took upon yourself to seize a copy of the leaked database, and after searching it, you confirmed not being in there. At that point you're safe - against that one database.
But this is a risky business: obtaining the database would be illegal, and even searching for it might land you in a world of hurt. Also, you could probably achieve the same results by requesting the credit monitoring from the institution responsible, and hoping to hear "Sorry, sir: you are not eligible for monitoring since your data were not among the ones leaked". If you trust them, that is :-)
Otherwise, any indirect (and still dangerous) search you undertook would either confirm that you are at risk, or would actually be useless -- because you couldn't be sure whether the search would have found your data, and its failure means they aren't there, or if your data are actually there, and the search did not succeed in rooting them out.
If it is practical to do something to make that information less useful (change passwords, request replacement cards/tokens/PINs to be issued), you should already have done so.
In some countries it is possible to "lock" your credit situation, i.e., you request an access code (the first time it's pretty awkward, your identity needs to be verified etc.), then you declare that henceforward you are not going to request loans, credit cards, etc.; anyone attempting to do so without the proper Credit Central authorization in your name will then automatically be identified as a fraudster.
Although not directly related but very relevant to the questions asked by you, I like to bring in your notice "csi/fbi survey" conducted by CSI with the collaboration of the San Francisco Federal Bureau of Investigation's Computer Intrusion Squad and researchers from the Robert H. Smith School of Business at the University of Maryland.
The survey perhaps has the largest footprint reaching in its fifteen year mark reaching nearly all sector of information use. Including Consulting,Financial Services,Education,Federal Government,Local Government,Information Technology and Retail.
According to excerpt taken from CSI / FBI 2010/2011 survey
The attempt to identify the perpetrator continues to drop—from 60 percent two years ago, to 37.2 percent last year, and now this year down to 23.9 percent. It would seem that mitigation and recovery are much higher priorities than attempting to find the wrongdoer and mete out justice.
Corresponding to low incidence of reports to the media, there was a jump in not going public to anyone at all outside of the organization, with that percentage rising from 15.6 percent last year to 25.4 percent this year. Organizations appear to becoming more secretive than ever about the security incidents they encounter.
By stating these figures I say that there exists a very good reasons for you as a victim of credit fraud or any other privacy violations you would be getting any actionable response against the possible effects / attack on your personal data usage.
