Have You Been Pwned? <- great resource for all

in #security, 9 years ago (edited)

This is a great website that should be in everyone's bookmarks.

The website below is run by Troy Hunt, a Microsoft Regional Director and MVP.

haveibeenpwned.com

It functions as a portal for you to check whether your data has been leaked in previous data breaches. When a data breach goes public, they index the list and provide a way for you to search it to see if your accounts have been breached, which keeps you out of the dirty corners of the internet.

Some of the bigger breaches are:

  • 164,611,595 LinkedIn accounts
  • 152,445,165 Adobe accounts
  • 30,811,934 Ashley Madison accounts
  • 27,393,015 Mate1.com accounts
  • 13,545,468 000webhost accounts
  • 13,186,088 R2Games accounts

Some other interesting breaches are:

  • 4,789,599 Bitcoin Security Forum Gmail Dump accounts
  • 4,609,615 Snapchat accounts
  • 1,580,933 Dungeons & Dragons Online accounts
  • 1,057,819 Forbes accounts
  • 227,746 Cannabis.com accounts
    and many more

If you find yourself on this list, I hope you use strong passwords that are not shared with other accounts you hold. Generally, people will gain access to these lists and attempt to crack the encrypted passwords (which is sometimes harder than others), then use those credentials on a whole range of accounts to attempt to get further access to your digital life.

Oh no — pwned!
Pwned on 4 breached sites and found no pastes

Now I know what I'm doing today.

Yeah, it's a bad feeling; I got stung on the latest LinkedIn leak from 2012 :(

Luckily for me, I use a password manager and don't even know my own passwords. It can be a pain in the arse because you can never log in to anything unless you have your password manager handy, but I prefer it that way. Also, if you go down that path, make sure you have really thought out your backup procedure and ensure you have 3 copies that are frequently updated and stored in geographically separated locations! Otherwise one day it might all come tumbling down very quickly.

Some people use a password system, which is a set of rules that allows them to generate passwords in their mind. I don't mind that idea either; I just never sat down and tried to nut out good rules that would generate good passwords that could be recalled when I need them.

Anyone use a password system and care to share generic/modified details of such a system for the benefit of the community?

I'm using a password manager with randomly generated passwords and 2FA for my most critical accounts (like email or Amazon).
Then I have several passwords that I kind of reuse depending on the service I'm registering for, all derived from an old 8-random-character password dating from my first internet connection 20 years ago.

The system I'm using for accounts that don't hold any important information is as follows:
8-10 letter/number password + (special character) + n first letters of the name of the website I'm on, starting with a capital letter.

It looks something like: g3n3r1cp4s%Steemi

  • It's good because it's easy to remember once you remember the first part.
  • You have your number, special character and capital letter that most password rules ask for.
  • Decent strength against brute-force attacks.

Of course if you get infected with a keylogger you're screwed.

That's why I never use it for any account with sensitive information and wouldn't recommend it for anything that you don't really care about being hacked.