Leaked database exposes 87GB of emails and passwords (mine included, grrf!)

Discussion in 'General Discussion' started by Babel-17, Jan 19, 2019.

  1. Babel-17

    Regular

    Joined:
    Apr 24, 2002
    Messages:
    974
    Likes Received:
    223
    pharma, AlBran and green.pixel like this.
  2. ToTTenTranz

    Legend Veteran Subscriber

    Joined:
    Jul 7, 2008
    Messages:
    9,390
    Likes Received:
    4,030
    Yeah.. I'm not about to put my e-mail address and then their corresponding passwords into that website who knows my IP and MAC address.
    Sounds like a world of self-inflicted damage to me..

    Besides, it says it's been breached but it won't show the passwords connected to said e-mail addresses, so...
    Anyone could compile a list of websites that have been breached and say your e-mail was compromised.
     
  3. Bludd

    Bludd Experiencing A Significant Gravitas Shortfall
    Veteran

    Joined:
    Oct 26, 2003
    Messages:
    2,944
    Likes Received:
    518
    Location:
    Funny, It Worked Last Time...
    Mine is in there too, but it is probably from that time my Origin account was hacked because of a really bad password I had there. Someone was playing BF3 (or 4, can't remember) and the language setting was Russian.

    Anyway, I don't use that bad password anymore and I have enabled 2FA everywhere. Even here. :)
     
  4. N00b

    Regular

    Joined:
    Mar 11, 2005
    Messages:
    673
    Likes Received:
    84
    haveibeenpwned.com is operated by Troy Hunt, who is a Microsoft employee and has an excellent track record as a security researcher. The guy is definitively legit.

    Of course it's a good idea not to upload your passwords anywhere and you don't have to do that.

    You can download the passwords as SHA-1 hashes, but the file is 11 GB.

    But there is another way to check it locally, it is described here: https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/#cloudflareprivacyandkanonymity

    Here is a Python script that just does that: https://gist.github.com/marcan/23e1ec416bf884dcd7f0e635ce5f2724

    Please beware that haveibeenpwned does not contain the passwords from the Collection #2-5 leaks, so they are not quite up-to-date (yet).

    There is another website where you can check if information related to your e-mail address has been exposed: https://sec.hpi.de/ilc/search

    You input your email address and they send you a mail containing the information if and what has been leaked (e-mail, password, personal information, just the information about what has been exposed not the actual information). However there is no way to check if a particular password has been leaked.

    As a general rule it is a good idea to use something like Password Safe or 1Password. Choose one password that you can remember and don't use anywhere else for your password database. For everything (or at least for anything that's important) else generate random passwords with at least 12 chars. May be inconvenient, but it's secure.
     
    Babel-17, pharma and green.pixel like this.
  5. Babel-17

    Regular

    Joined:
    Apr 24, 2002
    Messages:
    974
    Likes Received:
    223
    Thanks for that, I just used it and their reply was quick. I had forgotten that Anonymous had hacked the rootkit.com forum, and I was one of the 79,356 affected members. I later found out that the person running the place, which provided guidance on how to check for rootkits on your PC, was part of a corporate effort that went after hackers.

    There's Anonymous, and then there's the Anonymous, and I was unlucky to get hit by a bunch that was oblivious to hurting innocent bystanders.

    https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack/

    I remind myself that anyone can be Anonymous, and most of them aren't jerks.
     
  6. Babel-17

    Regular

    Joined:
    Apr 24, 2002
    Messages:
    974
    Likes Received:
    223
    Credential dump contains another 2.2 billion pwned accounts

    https://nakedsecurity.sophos.com/20...-contains-another-2-2-billion-pwned-accounts/

    Edit: Only now did I think to check my much less used gmail address.

    Only one was from new, from collection one, and I think "no pastes" means that my email address wasn't pasted anywhere.

    Here's what they found, though I don't remember ever using My Space. But I can't rule out that I registered for one reason or another.

     
    #6 Babel-17, Feb 2, 2019
    Last edited: Feb 2, 2019