(Topic ID: 294798)

Pinside data leak?

By Luckydogg420

8 days ago


Topic Stats

  • 41 posts
  • 26 Pinsiders participating
  • Latest reply 6 days ago by alexanr1

    #1 8 days ago

    I just received this on my iPad. So I immediately changed my email and password. Did anyone else receive a notice like this?

    1C033E80-64EC-47A2-BD65-CF486822BDAD (resized).png
    #2 8 days ago

    I had the same login on a couple other sites. Maybe it was from somewhere else, I’d just like people to be safe

    #3 8 days ago

    https://haveibeenpwned.com/

    Check your email address there to see what may have compromised it.

    Quoted from Luckydogg420:

    I had the same login on a couple other sites.

    That is probably the problem right there. Always use a unique password for every individual account that you have. Otherwise, when a breach happens, all your accounts get compromised--not just one.

    What you were doing is a hacker's gold mine.

    #4 8 days ago

    Unfortunately security is as strong as the weakest link. Some obscure web store that makes you create an account got hacked, stored passwords improperly (they should not store your password!), and now your email + password combo is out there.

    I now avoid creating an account and use guest checkout if possible, and use PayPal rather than directly entering my card info.

    The browser checks your saved passwords and hooks into the datasets mentioned by ForceFlow to alert you. Great feature.

    #5 8 days ago

    I would recommend a Password Manager, I use Keeper free version (limited to 1 device) as most of my online activity is off just my laptop. There are many others out there. As dr_nybble pointed out, it only takes one obscure website getting hacked to get your information out there and I was very careful with my banking, credit card, brokerage passwords but very lazy with my one-off online purchases of tools, vacuum cleaner bags etc so I was compromised.

    Last audit I had over 250 passwords saved and only about 50 of them are 'secure + unique' so I have been changing them over using Keeper generated passwords a couple a day when I think about it

    #6 8 days ago

    If I do anything obnoxious around here, just assume that my account was hacked.

    #7 8 days ago
    Quoted from ForceFlow:

    https://haveibeenpwned.com/
    Check your email address there to see what may have compromised it.

    Thanks for the link.

    #8 8 days ago

    With all due respect to ForceFlow that link is pretty much useless. Everyone should be taking online security seriously regardless if your email shows on that site or not - the steps to protect yourself are the same for both groups.

    #9 8 days ago

    To warn everybody right before it happens, this is what a “Data leak” looks like:

    33C733BF-ADB6-48A8-B71A-3761482636AA (resized).jpeg
    #10 8 days ago
    Quoted from ForceFlow:

    Check your email address there to see what may have compromised it.

    Ya. Several times. The 1st time was the big Playstation store leak years ago.

    Quoted from ForceFlow:

    That is probably the problem right there. Always use a unique password for every individual account that you have. Otherwise, when a breach happens, all your accounts get compromised--not just one.

    I have several tiers of passwords and emails. Things like banking I take more seriously than a chat group. But I have changed emails and passwords multiple times in the last couple years. It's hard to remember to change information everywhere you visit.

    #11 8 days ago

    I recently created a separate email for anything financial related and created different logins/pw for financial stuff. If someone got my login/pw from a site I used 4 years ago, as long as that login/pw isn't being used anywhere else currently I'm not incredibly concerned. Just keep social/financial stuff separate.

    #12 8 days ago

    I can't express this enough... USE A PASSWORD MANAGER. I use 1Password. Not a single account shares a password with another account. It's the only way to avoid multiple accounts being compromised at once.

    #13 8 days ago
    Quoted from TheProgrammer:

    I can't express this enough... USE A PASSWORD MANAGER. I use 1Password. Not a single account shares a password with another account. It's the only way to avoid multiple accounts being compromised at once.

    I agree with this for the most part. I would add that you really should find a Password manager that does 2FA. If your password manager password is compromised, so are all of the passwords and accounts in it.

    #14 8 days ago
    Quoted from dr_nybble:

    The browser checks your saved passwords and hooks into the datasets mentioned by ForceFlow to alert you. Great feature.

    I'm not convinced that sharing your password like that with a 3rd party is a good idea.

    #15 8 days ago

    2FA, preferably an authenticator, is the way to go on all sensitive stuff imo. I'm not an expert or anything but have heard SMS 2FA can be bypassed through SIM swapping.

    #16 8 days ago
    Quoted from ForceFlow:

    I'm not convinced that sharing your password like that with a 3rd party is a good idea.

    Please have a look at: https://security.googleblog.com/2019/02/protect-your-accounts-from-data.html

    You don't share your passwords with Google et al.
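
Added example (not part of the original post or thread): a minimal sketch of how a breached-password check can run without handing over the password, using the hash-prefix range lookup that the Have I Been Pwned Pwned Passwords service exposes. The corpus, counts and function names are constructed for illustration, and browser vendors' own protocols (such as the one in the linked Google post) differ in detail.

```python
import hashlib

# Constructed sample "breach corpus" held by the server (not real leak data).
BREACHED = {"password1": 2413945, "pinball123": 37, "letmein": 102345}

HEX = set("0123456789ABCDEF")


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the password, computed on the client."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_index(corpus: dict) -> dict:
    """Server side: bucket breached hashes by their first 5 hex characters."""
    index = {}
    for pw, count in corpus.items():
        h = sha1_hex(pw)
        index.setdefault(h[:5], {})[h[5:]] = count
    return index


def server_range(index: dict, prefix: str) -> str:
    """Server side: receives only a 5-char prefix and returns every
    SUFFIX:COUNT line in that bucket, so it cannot tell which one was meant."""
    if len(prefix) != 5 or not set(prefix) <= HEX:
        raise ValueError("prefix must be 5 uppercase hex characters")
    bucket = index.get(prefix, {})
    return "\n".join(f"{s}:{c}" for s, c in sorted(bucket.items()))


def check_password(password: str, query) -> tuple:
    """Client side: hash locally, send only the prefix, compare suffixes locally.
    Returns (times_seen_in_breaches, exact_string_sent_to_server)."""
    h = sha1_hex(password)
    prefix, suffix = h[:5], h[5:]
    for line in query(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count), prefix
    return 0, prefix


if __name__ == "__main__":
    idx = build_index(BREACHED)
    for pw in ("pinball123", "a-long-unique-generated-passphrase"):
        seen, sent = check_password(pw, lambda p: server_range(idx, p))
        print(f"sent={sent!r} breached_count={seen}")
```

The server only ever sees five hex characters of the hash; the full hash and the password never leave the client, and the match is decided locally.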

    #17 8 days ago
    Quoted from TheProgrammer:

    I can't express this enough... USE A PASSWORD MANAGER. I use 1Password. Not a single account shares a password with another account. It's the only way to avoid multiple accounts being compromised at once.

    +1 on 1Password. Fantastic manager and good utilities and secure storage.

    #18 8 days ago
    Quoted from ForceFlow:

    I'm not convinced that sharing your password like that with a 3rd party is a good idea.

    Nothing is perfect, but there are well known, well documented password managers out there, and for MOST people, it's going to be far more secure than getting grabbed by a keylogger, or using the same password everywhere.

    2FA using a security token, NOT SMS (as was mentioned above) is still better, though......if it's an option. Lots of sites don't offer it.

    #19 8 days ago

    Also recommend 1password. I have over 1500 logins, all different and don't know a single one.

    #20 8 days ago

    I recently changed my mountain of passwords and increased all financial security, and reviewed my added cyber theft insurance on my homeowners policy.
    None of that was because of the news.
    Mostly, it was a site that spoofed usps.gov, and received data that my wife fell into.
    That being said, all we can do, whatever path you take should be done for peace of mind.
    From one of our country's leading cybersecurity leaders is the statement,
    "almost everyone should assume that their personal data has already been hacked"
    That's a bit scary.

    #21 8 days ago
    Quoted from avspin:

    Also recommend 1password. I have over 1500 logins, all different and don't know a single one.

    I don’t understand how this is possible. Is it an app or something through iPhone that stores passwords?

    #22 8 days ago
    Quoted from avspin:

    Also recommend 1password. I have over 1500 logins, all different and don't know a single one.

    Holy crap that’s a lot of <1 year shill accounts on Pinside!!!!

    #23 8 days ago
    Quoted from Concretehardt:

    I don’t understand how this is possible. Is it an app or something through iPhone that stores passwords?

    It's an app that runs on Android, iOS, Windows and Mac, and supports auto-fill and such, so like on your phone when you get to the Pinside login page, you tap the login box, 1Pass will let you select your user that you want, and autofill it. And that's just the basic usage. There's a LOT others. Including a really nice customizable password generator.

    #24 7 days ago
    Quoted from Concretehardt:

    I don’t understand how this is possible. Is it an app or something through iPhone that stores passwords?

    I have an app on my android phone, ipad, laptop and desktop. I can also log into it remotely. All synced.

    #25 7 days ago
    Quoted from Coyote:

    It's an app that runs on Android, iOS, Windows and Mac, and supports auto-fill and such, so like on your phone when you get to the Pinside login page, you tap the login box, 1Pass will let you select your user that you want, and autofill it. And that's just the basic usage. There's a LOT others. Including a really nice customizable password generator.

    So what happens if 1Pass gets hacked? Could someone potentially have access to all of your accounts in that scenario?

    #26 7 days ago
    Quoted from avspin:

    I have an app on my android phone, ipad, laptop and desktop. I can also log into it remotely. All synced.

    And all vulnerable to attack from anyone on the internet.

    Minimize the information you provide. Use bugmenot to log in places that demand an account but provide no value to having one.

    It’s an impossible problem at the moment. If you’re diligent about not re-using credentials you have too many accounts to remember. If you use a password manager you’re vulnerable because you have to sync the password database across multiple devices.

    Hardware tokens are great but not supported everywhere and only as secure as the reset process that usually will involve tricking a human. Still worth having them. Yubikey https://www.yubico.com/ and Onlykey https://onlykey.io/ are good options. Search for hardware token, lots of choices.

    #27 7 days ago
    Quoted from snakesnsparklers:

    So what happens if 1Pass gets hacked? Could someone potentially have access to all of your accounts in that scenario?

    PROBABLY not. Even if 1pass stores them in the cloud they should be storing hashes, not passwords.

    But there are many ways to do it wrong. And new attacks happening as technology and methodology improves.

    #28 7 days ago
    Quoted from snakesnsparklers:

    So what happens if 1Pass gets hacked? Could someone potentially have access to all of your accounts in that scenario?

    1Password uses multiple keys in their security protocol. One “secret key” that they give you and you’re asked to print out and store somewhere secret in your home. And one master password that you provide. If you forget or lose either of these, nobody, not even 1Password can access them.

    So essentially as long as you at least keep your secret key hidden somewhere and nobody ever finds it, your passwords should be safe from being hacked by anyone. (At least that’s the idea)

    #29 7 days ago

    If for any reason I start making intelligent posts on pinside please let me know, more than likely I’ve been hacked.

    #30 7 days ago

    I always use 2 factor identification whenever possible

    #31 7 days ago
    Quoted from EJS:

    If for any reason I start making intelligent posts on pinside please let me know, more than likely I’ve been hacked.

    Darn. I really thought those nudes were you. They had mortarboards though. Must have been fake.

    LTG : )

    #32 7 days ago

    A few years ago, I had one of the guys I know show me what the dark web marketplaces actually looked like. Basically they have classified ads for bulk usernames and passwords and the associated websites. You could buy 1000 ebay accounts and passwords for $25. They had thousands of websites to choose from, and you could buy any number of username&password combinations you wanted to.

    It was scary...

    #33 7 days ago
    Quoted from Markharris2000:

    You could buy 1000 ebay accounts and passwords for $25. They had thousands of websites to choose from, and you could buy any number of username&password combinations you wanted to.
    It was scary...

    That sounds awful. Do you remember the link so that I’ll know to avoid it?

    #34 7 days ago

    I use the best, most secure memory bank available on the market….

    AF9D6F4B-73A2-4B83-8D4B-7F024184F134 (resized).jpeg

    Followed by the most effective technological advanced invention known to man….

    88845D3A-CFDF-40C0-BE67-0A66EDD5B065 (resized).jpeg

    #35 7 days ago

    Your password and email have been compromised/stolen over the past couple years. (Almost guaranteed, with all of the breaches)

    All that is happening is a comparison with your passwords saved on your Apple device to a repository of compromised passwords and if a match is made it’s letting you know that the email and password combination is available on a list and to change it based on this.

    It doesn’t mean Pinside had a breach.

    #36 7 days ago

    Honestly, I am more concerned with the new ocean alert. A new ocean didn’t spawn out of nothingness. Taking away planets, adding oceans, seems like certain types of “scientists” are more concerned with relabeling established reality than actually making efforts towards discovery. In all honesty, there are a lot of unintelligent non-serious people in science and they are mostly blind to their innate non-scientific bias.

    I find it both amusing and sad when I hear definitive proclamations regarding speculation related to complex systems like “the science is settled”, “science is absolute”, and “there is a scientific consensus” (all of which are unscientific by definition), and then out of the other side of their mouths they are basically implying they think all scientists before them were idiots who thought we had four oceans and nine planets. It sort of begs the question of how long it will be before the next generation will come along who consider these to be relative imbeciles.

    For those who may be downvoting, my arguments are not against science as I am actually pro-science in my beliefs. My issue is with "scientists" who have allowed political ideology and other influences cloud their logic and conclusions. Science should always be driven by unfiltered logic towards discovery and progressing humankind forward, and conducted not with arrogance but with awe and wonder. Mathematics, chemistry, physics, engineering, etc. are all fields that I'm fascinated by where science is geared towards challenging the status quo and common knowledge to find evidence that might prove it false and to better define/explain the world around us. However, my attitude towards the pseudo sciences is fairly critical. One quick example of this is that you can find published reports on nearly any pseudo science topic that have contradictory conclusions. Typically, all you have to do is look at the funding source for the study or the origin of the group performing the study, and the conclusion will be pre-determined based on that bias.

    Would love to openly discuss opinions, but probably the wrong place for an open analysis on the topic.

    #37 7 days ago
    Quoted from alexanr1:

    passwords saved on your Apple device

    Oh - but I have been told for years by Apple 'fan bois' that it's IMPOSSIBLE for Apple products to get viruses, be hacked, blah blah blah.

    Turns out they are just as vulnerable as any other brand product. Who would have thought.

    I can't for the life of me work out why people are still willing to give this company "over the odds money" for products that clearly, and by many definitions, are far from "superior" as many try to make out?

    #39 7 days ago
    Quoted from pins4u:

    Oh - but I have been told for years by Apple 'fan bois' that it's IMPOSSIBLE for Apple products to get viruses, be hacked, blah blah blah.
    Turns out they are just as vulnerable as any other brand product. Who would have thought.
    I can't for the life of me work out why people are still willing to give this company "over the odds money" for products that clearly, and by many definitions, are far from "superior" as many try to make out?

    The core of the argument is why focus efforts on 10% of the personal computer market when the other 90% is what runs the world (servers, business, finance, etc.) In other words, it has never been an issue of vulnerability, rather, opportunity for the hackers.

    However, with mobile devices taking over the world you can guarantee that both iOS and Android platforms are target rich environments.

    #40 7 days ago

    I think most importantly is regardless of what device you use to connect to any website, once you have an account on a website, your username and password can be leaked in a security breach. Breaches happen every week somewhere in the world. Bigger ones show up on CNN and the WSJ and FT. Breaches are why BILLIONS of usernames and passwords are floating around and available to be purchased.

    The hackers also try to trick you into revealing your details with malware on your device, but they know they can also just buy a 10-thousand usernames/passwords from the dark web and try them all.... ouch!

    In the end, bad actors use all kinds of mechanisms to try to gain access to your accounts!

    #41 6 days ago
    Quoted from pins4u:

    Oh - but I have been told for years by Apple 'fan bois' that it's IMPOSSIBLE for Apple products to get viruses, be hacked, blah blah blah.
    Turns out they are just as vulnerable as any other brand product. Who would have thought.
    I can't for the life of me work out why people are still willing to give this company "over the odds money" for products that clearly, and by many definitions, are far from "superior" as many try to make out?

    I think you misunderstood me, it had nothing to do with Apple. It’s a data breach at an online site. The data is then filtered on the dark web for hackers etc… to use. Good companies (Apple, Microsoft, etc…) get access to the data as well and use it to warn their user base if a password is published on the dark web. If you use the Apple function to store your passwords to make logging in easy, Apple compares your stored passwords against that file and lets you know if it’s on the dark web (compromised). It’s passwords to things like your bank accounts, etc…

    It has nothing to do with Apple devices and security risks with Apple products.
