Taken from PCWorld Magazine, March 2012 Edition

The compromised usernames, email addresses, and passwords that PwnedList collects are protected by an algorithm that creates a unique string of alphanumeric characters for each name and address.  PwnedList then saves the strings in its database before deleting the actual login information. Every time you type a username or email address into the PwnedList search engine, the server runs your request through the same algorithm used to has the compromised accounts, compares the string generated against the strings in its database, and alerts you if it finds a match.

At present, the service can tell you only whether a particular name or email address is on the list, but that may change in its next version… including the name of the site/company that hosts the account, the number of accounts contained in the leak, the date they found the leak, and the name of the hacker/group that published the data. If you’re unlucky enough to find your favourite username or email address on the list, don’t panic! Chances are, your data hasn’t yet been compromised, but to be safe, take a few common-sense steps: Update all your accounts with better passwords, put a fraud alert on your credit report, and monitor your financial statements for a few months.