cancel
Showing results for 
Search instead for 
Did you mean: 

Might be a good idea to change passwords

St3
All Star
Posts: 2,404
Thanks: 389
Fixes: 2
Registered: 13-07-2012

Might be a good idea to change passwords

14 REPLIES
Community Veteran
Posts: 7,916
Thanks: 596
Fixes: 8
Registered: 02-08-2007

Re: Might be a good idea to change passwords

Interesting post.

Shows one breach on Feb 16th for Linux Mint 18.

Password has been changed since then so no problems.

Steve
Seasoned Pro
Posts: 6,683
Thanks: 248
Registered: 13-07-2009

Re: Might be a good idea to change passwords

Might be the reason why, all of a sudden, completely out of the blue, my free Yahoo email address has been receiving 10 spam emails every day for the past two weeks.

rongtw
Seasoned Hero
Posts: 6,329
Thanks: 1,154
Fixes: 11
Registered: 01-12-2010

Re: Might be a good idea to change passwords

Oh No !!! oh no.PNG

 

 

 

 

Asus ROG Hero Vii Z97 , Intel i5 4690k ,ROG Asus Strix 1070,
samsung 850evo 250gig , WD black 2 TB . Asus Phoebus sound ,
16 gig Avexir ram 2400 , water cooling Corsair H100i gtx ,
Corsair 750HXI Psu , Phanteks Enthoo pro case .
Community Veteran
Posts: 2,918
Thanks: 168
Fixes: 3
Registered: 05-04-2007

Re: Might be a good idea to change passwords

I believe if they can get your password, and any more personal information, then the hackers will assume that password will work with other sites, and try it. After all, how many people use a separate password for site they use? Not many I would assume.

It has happened to me, where a company I used got hacked, their database nicked and they informed me to change my password. Mind you it was bad of them, the passwords were not encrypted. Even so, MD5 can be cracked.

Community Veteran
Posts: 13,923
Thanks: 514
Fixes: 7
Registered: 01-08-2007

Re: Might be a good idea to change passwords

Members of the public can check if their accounts have been affected via the Have I Been Pwned service.

I wonder how many email address that site records itself? - That would also be just as valuable to spammers given that the addresses are voluntarily handed over..

Interestingly it claims my address was also found in a linked.in breach. Funny thing being i'm not a linked.in member.

I need a new signature... i'm bored of the old one!
rongtw
Seasoned Hero
Posts: 6,329
Thanks: 1,154
Fixes: 11
Registered: 01-12-2010

Re: Might be a good idea to change passwords

@7up  from their site ,

Is anything logged when people search for an account?

Nothing is explicitly logged by the website. The only logging of any kind is via Google Analytics and NewRelic performance monitoring and any diagnostic data implicitly collected if an exception occurs in the system.

Asus ROG Hero Vii Z97 , Intel i5 4690k ,ROG Asus Strix 1070,
samsung 850evo 250gig , WD black 2 TB . Asus Phoebus sound ,
16 gig Avexir ram 2400 , water cooling Corsair H100i gtx ,
Corsair 750HXI Psu , Phanteks Enthoo pro case .
Community Veteran
Posts: 13,923
Thanks: 514
Fixes: 7
Registered: 01-08-2007

Re: Might be a good idea to change passwords

Thats a good point!

The sky is red... doesn't mean it actually is but i can still make that claim!

I need a new signature... i'm bored of the old one!
DaveyH
Pro
Posts: 1,295
Thanks: 179
Fixes: 7
Registered: 15-11-2012

Re: Might be a good idea to change passwords


7up wrote:

Members of the public can check if their accounts have been affected via the Have I Been Pwned service.

I wonder how many email address that site records itself? - That would also be just as valuable to spammers given that the addresses are voluntarily handed over..

Interestingly it claims my address was also found in a linked.in breach. Funny thing being i'm not a linked.in member.


 

More conspiracy theorist nut jobbery!

 

Do some research on Troy Hunt...

rongtw
Seasoned Hero
Posts: 6,329
Thanks: 1,154
Fixes: 11
Registered: 01-12-2010

Re: Might be a good idea to change passwords

Do you mean this Troy Hunt @DaveyH Thumbs Up

https://www.troyhunt.com/

Asus ROG Hero Vii Z97 , Intel i5 4690k ,ROG Asus Strix 1070,
samsung 850evo 250gig , WD black 2 TB . Asus Phoebus sound ,
16 gig Avexir ram 2400 , water cooling Corsair H100i gtx ,
Corsair 750HXI Psu , Phanteks Enthoo pro case .
DaveyH
Pro
Posts: 1,295
Thanks: 179
Fixes: 7
Registered: 15-11-2012

Re: Might be a good idea to change passwords

Yes. He's behind Have I Been Pwnd, is highly respected in security circles...

Community Veteran
Posts: 4,598
Thanks: 753
Fixes: 3
Registered: 06-11-2014

Re: Might be a good idea to change passwords

Great, my yahoo address is also in that pwned site's list (twice, first was the 000webhost hack, and now this), good job the spam is so easy to spot it lands straight into my spam filter...

Moderator
Moderator
Posts: 16,561
Thanks: 1,801
Fixes: 125
Registered: 06-04-2007

Re: Might be a good idea to change passwords

I tend to treat all unexpected emails as potential spam until I have checked things.

 

Even then I am still cautious.

Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still

Steve
Seasoned Pro
Posts: 6,683
Thanks: 248
Registered: 13-07-2009

Re: Might be a good idea to change passwords

Just checked my Yahoo email address. About 4 breaches. Last FM, Linux Mint website, Avast antivirus, and something else. Good job I use my Yahoo email address for just about everything online now and don't use my personal email anywhere.

Community Veteran
Posts: 13,923
Thanks: 514
Fixes: 7
Registered: 01-08-2007

Re: Might be a good idea to change passwords


DaveyH wrote:

7up wrote:

Members of the public can check if their accounts have been affected via the Have I Been Pwned service.

I wonder how many email address that site records itself? - That would also be just as valuable to spammers given that the addresses are voluntarily handed over..

Interestingly it claims my address was also found in a linked.in breach. Funny thing being i'm not a linked.in member.


 

More conspiracy theorist nut jobbery!

 

Do some research on Troy Hunt...


Call it what you like. Troy Hunt may well be respected in security circles.. but then do respectable people go buying entire databases of stolen information from dodgy people? - I wouldn't. He clearly has some dodgy contacts in order to do what he does.

Oh and lets not forget the guy who saved the NHS from its crippling malware attack... and then got nabbed by the FBI Roll eyes Or am I imagining all the news stories about his arrest?

At the end of the day, that have i been pwned site is holding a lot of email addresses with no legitimate reason - and could potentially be logging others that it has never seen. It's not being held accountable by any data protection enforcement and appears to be a law unto itself.

I need a new signature... i'm bored of the old one!