https://haveibeenpwned.com/

Check your email address there to see what may have compromised it.

That is probably the problem right there. Always use a unique password for every individual account that you have. Otherwise, when a breach happens, all your accounts get comprimised--not just one.

What you were doing is a hacker's gold mine.

Unfortunately security is as strong as the weakest link. Some obscure web store that makes you create an account got hacked, stored passwords improperly (they should not store your password!), and now your email + password combo is out there.

I now avoid creating an account and use guest checkout if possible, and use PayPal rather than directly entering my card info.

The browser checks your saved passwords and hooks into the datasets mentioned by ForceFlow to alert you. Great feature.

I would recommend a Password Manager, I use Keeper free version (limited to 1 device) as most of my online activity is off just my laptop. There are many others out there. As dr_nybble pointed out, it only takes one obscure website getting hacked to get your information out there and I was very careful with my banking, credit card , brokerage passwords but very lazy with my one-off online purchases of tools, vacuum cleaner bags etc so I was compromised.

Last audit I had over 250 passwords saved and only about 50 of them are 'secure + unique' so I have been changing them over using Keeper generated passwords a couple a day when I think about it

If I do anything obnoxious around here, just assume that my account was hacked.

Thanks for the link.

With all due respect to ForceFlow that link is pretty much useless. Everyone should be taking online security serious regardless if your email shows on that site or not - the steps to protect yourself are the same for both groups.

To warn everybody right before it happens This is what a “Data leak” looks like:

33C733BF-ADB6-48A8-B71A-3761482636AA (resized).jpeg

I recently created a seperate email for anything financial related and created different logins/pw for financial stuff. if someone got my login/pw from a site I used 4 years ago as long as that login/pw isnt being used anywhere else currently Im not incredibly concerned. Just keep social/financial stuff seperate.

I cant express this enough... USE A PASSWORD MANAGER. I use 1Password. Not a single account shares a password with another account. It's the only way to avoid multiple accounts being compromised at once.

I agree with this for the most part. I would add that you really should find a Password manager that does 2FA. If your password manager password is compromised, so are all of the passwords and accounts in it.

I'm not convinced that sharing your password like that with a 3rd party is a good idea.

2FA preferably an autenticator is the way to go on all sensitive stuff imo. Im not an expert or anything but have heard sms 2fa can be bypassed through sim swapping.

Please have a look at: https://security.googleblog.com/2019/02/protect-your-accounts-from-data.html

You don't share your passwords with Google et al.

+1 on 1Password. Fantastic manager and good utilities and secure storage.

Nothing is perfect, but there are well known, well documented password managers out there, and for MOST people, it's going to be far more secure than getting grabbed by a keylogger, or using the same password everywhere.

2FA using a security token, NOT SMS (as was mentioned above) is still better, though......if it's an option. Lots of sites don't offer it.

Also recommend 1password. I have over 1500 logins, all different and don't know a single one.

I recently changed my mountain of passwords and increased all financial security, and reviewed my added cyber theft insurance on my homeowners policy.
None of that was because of the news.
Mostly , it was a site that spoofed usps.gov, and received data that my wife fell into.
Thank being said, all we can do, whatever path you take should be done for peace of mind.
From one of our countries leading cybersecurity leaders is the statement,
" almost everyone should assume that their personal data has already been hacked"
That's a bit scary.

I don’t understand how this is possible is it an app or something through iPhone that stores passwords?

Holy crap that’s a lot of <1 year shill accounts on Pinside!!!!

It's an app that runs on Android, iOS, Windows and Mac, and supports auto-fill and such, so like on your phone when you get to the Pinside login page, you tape the login box, 1Pass will let you select your user that you want, and autofill it. And that's just the basic usage. There's a LOT others. Including a really nice customize-able password generator.

I have an app on my android phone, ipad, laptop and desktop. I can also log into it remotely. All synced.

So what happens if 1Pass gets hacked? Could someone potentially have access to all of your accounts in that scenario?

And all vulnerable to attack from anyone on the internet.

Minimize the information you provide. Use bugmenot to log in places that demand an account but provide no value to having one.

It’s an impossible problem at the moment. If you’re diligent about not re-using credentials you have too many accounts to remember. If you use a password manager you’re vulnerable because you have to sync the password database across multiple devices.

Hardware tokens are great but not supported everywhere and only as secure as the reset process that usually will involve tricking a human. Still worth having them. Yubikey https://www.yubico.com/ and Onlykey https://onlykey.io/ are good options. Search for hardware token, lots of choices.

PROBABLY not. Even if 1pass stores them in the cloud they should be storing hashes, not passwords.

But there are many ways to do it wrong. And new attacks happening as technology and methodology improves.

1Password uses multiple keys in their security protocol. One “secret key” that they give you and you’re asked to print out and store somewhere secret in your home. And one master password that you provide. If you forget or lose either of these, nobody, not even 1Password can access them.

So essentially as long as you at least keep your secret key hidden somewhere and nobody ever finds it, your passwords should be safe from being hacked by anyone. (At least that’s the idea)

If for any reason I start making intelligent posts on pinside please let me know, more than likely I’ve been hacked.

Darn. I really thought those nudes were you. They had mortarboards though. Must have been fake.

LTG : )

A few years ago, I had one of the guys I know show me what the dark web marketplaces actually looked like. Basically they have classified ads for bulk usernames and passwords and the associated websites. You could buy 1000 ebay accounts and passwords for $25. They had thousands of websites to choose from, and you could buy any number of username&password combinations you wanted to.

It was scary...

That sounds awful. Do you remember the link so that I’ll know to avoid it?

I use the best, most secure memory bank available on the market….

AF9D6F4B-73A2-4B83-8D4B-7F024184F134 (resized).jpeg

Followed by the most effective technological advanced invention known to man….

88845D3A-CFDF-40C0-BE67-0A66EDD5B065 (resized).jpeg

Your password and email has been compromised stolen over the past couple years. (Almost guaranteed, with all of the breaches)

All that is happening is a comparison with your passwords saved on your Apple device to a repository of compromised passwords and if a match is made it’s letting you know that the email and password combination is available on a list and to change it based on this.

It doesn’t mean Pinside had a breach.

Honestly, I am more concerned with the new ocean alert. A new ocean didn’t spawn out of nothingness. Taking away planets, adding oceans, seems like certain types of “scientists” are more concerned with relabeling established reality than actually making efforts towards discovery. In all honesty, there are a lot of unintelligent non-serious people in science and they are mostly blind to their innate non-scientific bias.

I find it both amusing and sad when I hear definitive proclamations regarding speculation related to complex systems like “the science is settled”, “science is absolute”, and “there is a scientific consensus” (all of which are unscientific by definition), and then out of the other side of their mouths they are basically implying they think all scientists before them were idiots who thought we had four oceans and nine planets. It sort of begs the question of how long it will be before the next generation will come along who consider these to be relative imbeciles.

For those who may be downvoting, my arguments are not against science as I am actually pro-science in my beliefs. My issue is with "scientists" who have allowed political ideology and other influences cloud their logic and conclusions. Science should always be driven by unfiltered logic towards discovery and progressing humankind forward, and conducted not with arrogance but with awe and wonder. Mathematics, chemistry, physics, engineering, etc. are all fields that I'm fascinated by where science is geared towards challenging the status quo and common knowledge to find evidence that might prove it false and to better define/explain the world around us. However, my attitude towards the pseudo sciences is fairly critical. One quick example of this is that you can find published reports on nearly any pseudo science topic that have contradictory conclusions. Typically, all you have to do is look at the funding source for the study or the origin of the group performing the study, and the conclusion will be pre-determined based on that bias.

Would love to openly discuss opinions, but probably the wrong place for an open analysis on the topic.

Oh - but I have been told for years by Apple 'fan bois' that it's IMPOSSIBLE for Apple products to get viruses, be hacked, blah blah blah.

Turns out they are just as vulnerable as any other brand product. Who would have thought.

I can't for the life of me work out why people are still willing to give this company "over the odds money" for products that clearly, and by many definitions, are far from "superior" as many try to make out?

https://www.techrepublic.com/article/billions-of-passwords-leaked-online-from-past-data-breaches/

The core of the argument is why focus efforts on 10% of the the personal computer market when the other 90% is what runs the world (servers, business, finance, etc.) In other words, it has never been an issue of vulnerability, rather, opportunity for the hackers.

However, with mobile devices taking over the world you can guarantee that both iOS and Android platforms are target rich environments.

I think most importantly is regardless of what device you use to connect to any website, once you have an account on a website, your username and password can be leaked in a security breach. Breaches happen every week somewhere in the world. Bigger ones showup on CNN and the WSJ and FT. Breaches are why BILLIONS of usernames and passwords are floating around and available to be purchased.

The hackers also try to trick you into revealing your details with malware on your device, but they know they can also just buy a 10-thousand usernames/passwords from the dark web and try them all.... ouch!

In the end, bad actors use all kinds of mechanisms to try to gain access to your accounts!

I think you misunderstood me, it had nothing to do with Apple. It’s a data breach at an online site. The data is then filtered on the dark web for hackers etc… to use. Good companies (Apple, Microsoft, etc…) get access to the data as well and use it to warn its user base if a password is published on the dark web. If you use the Apple function to store your passwords to make logging in easy, Apple compares your stored passwords against that file and let’s you know if it’s on the dark web (compromised). It’s passwords to things like your bank accounts, etc…

It has nothing to do with Apple devices and security risks with Apple products.