No. of Recommendations: 0
ALL OF YOUR PASSWORDS and/or consider getting new e-mail accounts!

https://gizmodo.com/mother-of-all-breaches-exposes-773-milli...

HereIGo
No. of Recommendations: 1
This looks like panic-mongering to me, as it contains no hint of where the alleged hacked passwords were gotten FROM.

That kinda matters - if (completely made up example) it was from Twitter, I am not concerned at all about my security because I've never had a Twitter account. Lots of other people also have never had an account there.
No. of Recommendations: 1
This looks like panic-mongering to me, as it contains no hint of where the alleged hacked passwords were gotten FROM.

I agree. To get e-mail passwords and addresses, you need to hack one source at a time. You can't get Outlook dot com and icloud dot com and gmail dot com and all kinds of other e-mail hosting places in a single breach.

Later down in the article, it did say that this is an accumulation of multiple data breaches from 2 to 3 years ago. So it's not really breaking news.

I'm also concerned about the web site they link to so you can see if you are in this breach. Is it a legit site, or is it just hackers trying to tie a few pieces together? How can you tell?

--Peter
No. of Recommendations: 0
... as it contains no hint of where the alleged hacked passwords were gotten FROM.

That kinda matters


It sure does. Not long ago I had changed passwords on sites that had notified me of password breaches, so now I don't know if the breached passwords are from sites I had already changed my passwords on, or other sites.

Since I use a password manager and most of my passwords are different, my exposure would be limited to individual sites ... unless it is my email account (often used for password recovery, meaning, once one has taken over my email, they can use the "I forgot my password" links on other sites).

Those who use the same passwords on multiple sites are probably more at risk, as are those who use the "Login with Google" or "Login with Facebook" links.
No. of Recommendations: 6
I agree. To get e-mail passwords and addresses, you need to hack one source at a time. You can't get Outlook dot com and icloud dot com and gmail dot com and all kinds of other e-mail hosting places in a single breach.

Instead of reading the article from gizmodo, you can visit Troy Hunt's blog post that the article is based off of.

https://www.troyhunt.com/the-773-million-record-collection-1...

I get two main things from the blog post. One is that the concern is credential stuffing. That's where they take a stolen email and password combo and use those credentials to access other sites. For example, you may use PeterTMF@gmail.com and password123 to access this website. If this website was one of the hacked, they may try the above email address and password at websites like citibank.com to see if they can get account access there.

I can see that as a real danger because I'm guilty myself of using the same email address for my sign-in at other websites and reuse the same password associated with the email account. Yes, I have not been practicing safe computing.

The second thing I gain from his blog post is that it seems like one big advertisement for 1Password.

PSU
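From the defending site's side, the credential stuffing described in the post above has a recognizable shape in login logs: one source trying many different accounts once or twice each, with a few successes where a password was reused. The sketch below is an added example, not part of the original thread; the log events, account names and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, succeeded).
# IPs are from the documentation ranges; usernames are made up.
EVENTS = (
    [("203.0.113.7", u, u == "carol")
     for u in ("alice", "bob", "carol", "dave", "erin", "frank")]
    + [("198.51.100.20", "alice", False)] * 8
    + [("192.0.2.10", "bob", False), ("192.0.2.10", "bob", True)]
)

def classify_sources(events, min_accounts=5, max_tries_per_account=2):
    """Label each source IP by the shape of its login attempts.

    Thresholds are illustrative assumptions, not tuned values.
    """
    per_ip = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for ip, user, ok in events:
        rec = per_ip[ip][user]          # [attempts, successes] for this user
        rec[0] += 1
        rec[1] += int(ok)

    findings = {}
    for ip, users in per_ip.items():
        attempts = sum(a for a, _ in users.values())
        failures = attempts - sum(s for _, s in users.values())
        tries = attempts / len(users)
        if len(users) >= min_accounts and tries <= max_tries_per_account:
            label = "credential-stuffing"   # many accounts, one or two guesses each
        elif tries > max_tries_per_account and failures > max_tries_per_account:
            label = "brute-force"           # many guesses against few accounts
        else:
            label = "normal"
        findings[ip] = {
            "label": label,
            "accounts": len(users),
            "logged_in": sorted(u for u, (_, s) in users.items() if s),
        }
    return findings

def accounts_to_reset(findings):
    """Accounts a stuffing source actually got into: the reused password worked."""
    return sorted({u for f in findings.values()
                   if f["label"] == "credential-stuffing" for u in f["logged_in"]})

if __name__ == "__main__":
    for ip, f in classify_sources(EVENTS).items():
        print(ip, f)
    print("force reset:", accounts_to_reset(classify_sources(EVENTS)))
```

Grouping by source IP is a simplification; the same per-account counting can be keyed on other request attributes when attempts are spread across many addresses.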
No. of Recommendations: 0
This looks like panic-mongering to me, as it contains no hint of where the alleged hacked passwords were gotten FROM.

This is supposed to be the list of websites that were compromised.

https://pastebin.com/UsxU4gXA
No. of Recommendations: 1
I can see that as a real danger because I'm guilty myself of using the same email address for my sign-in at other websites and reuse the same password associated with the email account. Yes, I have not been practicing safe computing.

For years, for countless sites that really didn't matter, I used the same password. I stopped doing that a few years ago but I didn't go back and change them.

A few months ago I started getting emails with that password in the Subject, telling me that they hacked my computer and made videos of me doing nasty things, and all I had to do was pay them not to publish the videos. (I use a desktop system without a camera.)

So one or more sites where I used that password were hacked, and whoever bought the results figured on scaring the dickens out of people and maybe a few would pay.

I ignored them, of course. Except that I did change the password on many of the sites that still had that one.
No. of Recommendations: 0
First off, if you type one of your e-mails into his site where he has all of the e-mails, it will tell you exactly where your e-mail account / password credentials are from. In my case my junk e-mail account (@yahoo) was found in 15 different hacks.

Second... Like PSU said... where this information gets interesting is where people use the same e-mail / password combination across sites. The hacker can then use it to gain access to different sites. So unless you're using a hashed set of 15 to 20 character passwords unique to EVERY site, this is a problem for the common user. I know I'm guilty and trying to get better about it, but for most people this isn't "panic-mongering" as you call it. I know someone who uses the exact same password for EVERY site. Just not safe and this aggregation proves it.

Yes, his site is full of ads for Password storage tools and not recommended by my security teams for multiple reasons and not allowed where I work.

HereIGo
No. of Recommendations: 3
but for most people this isn't "panic-mongering" as you call it.

A scare headline and a scare article without the information a person would need in order to determine whether or not it applies to them, is panic-mongering. No matter how real the actual threat is.
No. of Recommendations: 1
The alternative is to have different, complicated passwords for each website. And to write them down in several locations so that someone can easily take the information and impersonate you.

I'm currently dealing with a computer system that points with pride at their compulsory security. Each of several stages requires different user names and complicated passwords and such, and the result is that the system borders on being unusable AND I have several different places that I record all the gibberish so that someone else can easily steal it and use it.


Seattle Pioneer
No. of Recommendations: 3
The alternative is to have different, complicated passwords for each website. And to write them down in several locations so that someone can easily take the information and impersonate you.

I'm currently dealing with a computer system that points with pride at their compulsory security. Each of several stages requires different user names and complicated passwords and such, and the result is that the system borders on being unusable AND I have several different places that I record all the gibberish so that someone else can easily steal it and use it.


It's time to use a password manager.

George