Somebody has been hacked

FloridaYankee · 2018-09-30T17:32:04.266Z

Either this place or

Etsy or

SETI@home

has been hacked. I recently received a phishing email purportedly from my own email address saying my email has been hacked and as proof they said my password is ***********

But that is not my email password. It is however my password for these forums and the other two places I mentioned. In order for someone to get that password they would have had to hack one of the three places. SETI is run by high tech wizards so it seems unlikely, though security might not be as high on their list as one might hope given that they don’t deal with financial information.

Etsy deals with many millions of dollars a day and has tons of very sensitive information on a lot of people and would be extremely security conscious. Also, I think I would have heard if they were hacked, that kind of stuff is big news.

That makes the Hannity forums the most likely candidate. I can’t say for sure of course, but those are the only three places where I use that password.

Kyshia · 2018-09-30T17:44:44.555Z

This happened to me a few months ago. The email was long and talked about my “secrets,” of which I have none that are significant or surprising. The person asked for $3,900 in bitcoin not to release video of my secrets.

After a google search, I found out that this relates to a past data breach from 2010ish on some sites. They showed me an old password of mine that I don’t use anymore as proof that I should be desperate.

After another google search, the advice that I got was simple:

Ignore the email.
Update all passwords.

The only way that you end up getting conned is if you engage with them.

The email was likely automated spam sent to thousands or millions of people. They’re just hoping that you get scared and get in touch with them.

FloridaYankee · 2018-09-30T17:49:47.626Z

Ha, mine only wanted $700 but it’s basically the same thing though it was not a long message at all but rather brief. I might have had one or two other places using that password back than though, I’m not sure. It was never my email password though, which is a good thing or I would’ve really thought I’d been hacked.

goodbyte · 2018-10-01T00:03:20.546Z

There a site that you can use to check which accounts (given an e-mail address) have been compromised in the past:

https://haveibeenpwned.com/

I also received one of these today actually, but I use unique passwords and the source of the leak was LinkedIn.

FloridaYankee · 2018-10-01T02:02:18.787Z

Thank you!

I’ll report back results of my subsequent research tomorrow or so.

JayJay · 2018-10-01T13:19:50.915Z

goodbyte:

There a site that you can use to check which accounts (given an e-mail address) have been compromised in the past:

https://haveibeenpwned.com/

I also received one of these today actually, but I use unique passwords and the source of the leak was LinkedIn.

How does that sote work?

I gave it one e-mail address and it said I had been “pwned” on 6 sites…five of which I had never been to.

WorldWatcher · 2018-10-01T13:55:31.598Z

.>
.
.
.
I work in HR as the Department Database guy and of course my wife and I have many accounts. Last time I counted we had something like 200-300 logins for both work and home.

A few years ago I started using account/password management software. The one I use is called “1Password”, when we got it we paid a one time life-time fee, now I think they use a subscription model but it is still very reasonable.

We have the app on computers (desktop & laptop), tablets, and our phones. Used 256 byte encryption and backups are stored (encrypted) online so if a device dies you don’t loose your date. If you enter a login on one device it is instantly available on all devices.

Why is this important?

It allows me to have different, easy to access, passwords FOR EACH AND EVERY ACCOUNT that are different. It - of course - has a secure password generator to create once like “M2WgwvKhQ8VxGPyY” instead of using something easy to remember because it is very easy to copy and paste instead of remembering.

(Disclaimer: While it doesn’t provide 100% online security, it does add another layer by having different/complex passwords for each account - especially those that are financial in nature.)

I highly recommend that everyone use some form of password management tool that allows for secure storage of different information for different accounts.

(This was also a godsend about a year ago when we moved from cable to FIOS as all of our personal accounts were based on our cable companies email which went away. It gave us a great list of those accounts we needed to go back and update with a new email.)

.>>>>

goodbyte · 2018-10-01T14:46:10.766Z

JayJay:

How does that sote work?

It doesn’t do anything fancy. There are data sets from different data breaches with e-mail addresses. The site has just indexed these to let you know which data sets that address appears in. If you were sufficiently motivated, you could find and download the data set yourself and do a CTRL+F inside it (though sometimes they are several gigabytes).

The data sets are not just from websites you have signed up from. For example, one way to end up in a data set is if a company sells your information to another company (for say, a mailing list).

Also, a data breach isn’t just considered just a login and password. It could also be your e-mail and zip code, e-mail and last four digits of a credit card number, or some other data which was tied to your identity.