Have You Been Pwned? <- great resource for all

in #security, 8 years ago (edited)

This is a great website that should be in everyone's bookmarks.

The website below is run by Troy Hunt, a Microsoft Regional Director and MVP.

haveibeenpwned.com

It functions as a portal for you to check if your data has been leaked in previous data breaches. When a data breach goes public, they index the list and provide a method for you to search to see if your accounts have been breached; this keeps you out of the dirty corners of the internet.

Some of the bigger breaches are:

  • 164,611,595 LinkedIn accounts
  • 152,445,165 Adobe accounts
  • 30,811,934 Ashley Madison accounts
  • 27,393,015 Mate1.com accounts
  • 13,545,468 000webhost accounts
  • 13,186,088 R2Games accounts

Some other interesting breaches are:

  • 4,789,599 Bitcoin Security Forum Gmail Dump accounts
  • 4,609,615 Snapchat accounts
  • 1,580,933 Dungeons & Dragons Online accounts
  • 1,057,819 Forbes accounts
  • 227,746 Cannabis.com accounts

and many more.

If you find yourself on this list, I hope you use strong passwords that are not common with other accounts you hold; generally people will gain access to these lists and attempt to crack the encrypted passwords (which is sometimes harder than others), then use those credentials on a whole range of accounts to attempt to get further access to your digital life.


Oh no — pwned!
Pwned on 4 breached sites and found no pastes

Now I know what I'm doing today.

Yeah, it's a bad feeling; I got stung on the latest LinkedIn leak from 2012 :(

Luckily for me I use a password manager and don't even know my own passwords; it can be a pain in the arse because you can never log in to anything unless you have your password manager handy, but I prefer it that way. Also, if you go down that path, make sure you have really thought out your backup procedure and ensure you have 3 copies that are frequently updated and stored in geographically separated locations! Otherwise one day it might all come tumbling down very quickly.

Some people use a password system, which is a set of rules that allows them to generate passwords in their mind; I don't mind that idea either; I just never sat down and tried to nut out good rules that would generate good passwords that could be recalled when I need them.

Anyone use a password system and care to share generic/modified details of such a system for the benefit of the community?

I'm using a password manager with randomly generated passwords and 2FA for my most critical accounts (like email or Amazon).
Then I have several passwords that I kind of reuse depending on the service I'm registering to, all being derived from an old 8-random-character password dating from my first internet connection 20 years ago.

The system I'm using for accounts that don't hold any important information is as follows:
8-10 letter/number password + (special character) + n first letters of the name of the website I'm on, starting with a capital letter.

It looks something like: g3n3r1cp4s%Steemi

  • It's good because it's easy to remember once you remember the first part.
  • You have your number, special character and capital letter that most password rules ask for.
  • Decent strength against brute force attacks.

Of course if you get infected with a keylogger you're screwed.

That's why I never use it for any account with sensitive information and wouldn't recommend it for anything that you don't really care about being hacked.
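
An added example, not part of the original post or its comments: a Python self-audit for your own password-manager export that flags entries built with the scheme described above (a shared base followed by the first letters of the site name), which exact-match reuse checks do not catch. The function names, the `(site, password)` entry format and the sample vault are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample vault: (site, password) pairs, not real credentials.
SAMPLE_VAULT = [
    ("steemit.com", "g3n3r1cp4s%Steemi"),
    ("forbes.com", "g3n3r1cp4s%Forbes"),
    ("linkedin.com", "g3n3r1cp4s%Linke"),
    ("adobe.com", "xK9#vQ2m!tR7wZ4p"),   # random, no site-derived suffix
    ("snapchat.com", "Tr0ub4dor&3"),     # memorable, no site-derived suffix
]


def split_site_suffix(site, password, min_letters=3):
    """Return (base, suffix) if the password ends with the first n letters
    of the site name, capitalised, for the longest n >= min_letters.
    Return None when no such suffix is present."""
    name = site.split(".")[0]
    candidate = name[:1].upper() + name[1:].lower()
    for n in range(len(candidate), min_letters - 1, -1):
        suffix = candidate[:n]
        if len(password) > n and password.endswith(suffix):
            return password[:-n], suffix
    return None


def find_patterned_reuse(entries):
    """Group sites whose passwords share one base once the site-derived
    suffix is stripped. Only bases used on more than one site are returned,
    because those accounts all depend on the same single secret."""
    by_base = defaultdict(list)
    for site, password in entries:
        parts = split_site_suffix(site, password)
        if parts is not None:
            by_base[parts[0]].append(site)
    return {b: sorted(s) for b, s in by_base.items() if len(s) > 1}


if __name__ == "__main__":
    for base, sites in find_patterned_reuse(SAMPLE_VAULT).items():
        # Print only the length of the base so the secret is not echoed.
        print(f"{len(sites)} sites share one {len(base)}-char base: {sites}")
```

Every site it groups together should be treated as breached when any one of them appears in a breach, and moved to a unique random password.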
