
have i been pwned?


Starkiller


21 hours ago, Starkiller said:

For people who may not be aware, this is a handy site to see if your email address (or passwords you commonly use) has shown up in publicly available website security breaches. They just got a big data cache uploaded recently, so it might be worth a look.

 

https://haveibeenpwned.com/

If you have an email listed as breached, you think it's enough to simply change password?


2 hours ago, chef said:

If you have an email listed as breached, you think it's enough to simply change password?

Yes, though that may not even be necessary if you have already done it. Or it might not even have a password, it could just tell you that a marketing company got hacked and your email was on their list.

 

For example, I put in my email address and it tells me what services were involved and roughly what date. So it says Dropbox got hacked in mid-2012. Well I already changed that password so I don’t need to do anything, but that’s only because I remember they forced everyone to change passwords.


This website is run by Troy Hunt - a very well known name in the tech security industry. It's trustworthy and highly regarded.

 

If you put your email in, it should tell you the exact breaches it was detected in, and spell out if it involved passwords, sometimes as specific as clear text or poorly hashed passwords (meaning the password is known). Any breach that uses bcrypt or basically just not clear/MD5/SHA passwords means your password is probably only known if it is a simple password, but it's still worth considering it to be known and to change it.

 

FWIW when you use the password search feature, you're not actually sending your password to them. What's happening is your clear text password is turned into a hash in your browser, and it sends the first 5 characters of this hash to their server, which returns a list of all known passwords that also have the same first 5 characters in their hash. Your browser then compares this list to your hashed password and reports if your full hashed password was found. So as far as the network and their server are concerned, they see the first 5 characters of a 40 character password hash, which is useless to them and effectively keeps it private.

Edited by OzTitan
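The prefix lookup described in the post above, as an added example that is not part of the original post or the site's own code. It assumes SHA-1 (which yields the 40-character hex hash mentioned) and a `SUFFIX:COUNT` line format for the response; `FakeRangeServer`, `CONSTRUCTED_CORPUS` and `pwned_count` are hypothetical names, and the server is a local stand-in so the example runs offline.

```python
import hashlib

# Constructed sample corpus standing in for the service's breached-password set.
CONSTRUCTED_CORPUS = {"password": 3, "hunter2": 2, "letmein": 1}


def sha1_hex(password: str) -> str:
    """40-character uppercase hex SHA-1 of the password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class FakeRangeServer:
    """Hypothetical stand-in for the remote service; records what it is sent."""

    def __init__(self, corpus):
        self.table = {sha1_hex(p): n for p, n in corpus.items()}
        self.seen = []  # everything the "server" ever receives

    def lookup(self, prefix: str) -> str:
        self.seen.append(prefix)
        # Return only the 35-character remainders of hashes sharing the prefix.
        return "\n".join(f"{h[5:]}:{n}" for h, n in self.table.items()
                         if h.startswith(prefix))


def pwned_count(password: str, lookup) -> int:
    """Client side: hash locally, send 5 characters, match the rest locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)  # number of times this password was seen
    return 0  # no matching suffix in the returned bucket


if __name__ == "__main__":
    server = FakeRangeServer(CONSTRUCTED_CORPUS)
    for pw in ("password", "correct horse battery staple"):
        print(pw, "->", pwned_count(pw, server.lookup))
    print("server saw only:", server.seen)
```

The server's `seen` list holds nothing but 5-character prefixes, and it receives the same kind of request whether or not the password turns out to be in the set.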

20 hours ago, Denali said:

So I put in “[email protected]” and it says that it’s been breached 3 times and then it gave me instructions for how to download and use their app.

 

LOL

 

Scam.

 

No, it means that address was found in a breach. If you search for "[email protected]" you'll see it says no breach, so it isn't just saying everything is found.

 

Like I said, this is a well known resource and is based on valid data. It has become a bit more commercialized with links to 1password (which he earns commission on if sold) but Troy runs this on his own volition as a free service, and it has exploded in popularity in recent times so isn't cost-free to run.

Edited by OzTitan

2 hours ago, OzTitan said:

No, it means that address was found in a breach. If you search for "[email protected]" you'll see it says no breach, so it isn't just saying everything is found.

 

Like I said, this is a well known resource and is based on valid data. It has become a bit more commercialized with links to 1password (which he earns commission on if sold) but Troy runs this on his own volition as a free service, and it has exploded in popularity in recent times so isn't cost-free to run.

So your point is that “[email protected]” was actually used by someone?


1 hour ago, Denali said:

So your point is that “[email protected]” was actually used by someone?

If it comes back as being part of a breach then yes. It could be someone's real address, or it could have been used as a fake address to bypass a signin page or something - not every service requires you to verify your email. For example "[email protected]" is in 198 breaches.


Quote

Oh no! Looks like your passwords have been compromised.

Sign up for 1Password and follow the steps below to fix your at risk passwords now.

Try 1Password FREE for 30 days

 

It might not be a scam per se, but they just want you to buy their $60 a year service. A small price to pay for peace of mind! But really, if you've changed your password since the breach occurred then you're not compromised.

 

