O/T: internet security question (leaked details)

I think it's pretty safe to assume some aspect of this "small company" website is compromised.

Small companies rent everything. They can't even rent a clue.

I generate long, random, password sequences for each Internet account created. They're a pain to type in, but I keep a stack of pieces of paper with the new ones printed on it. Only one site had a security issue - the company went bankrupt, and we heard later the servers they had were sold without being sanitized. (All the account info left the building intact, destination unknown.)

If you're using the same password for all of them, well, stop doing that :-) Or, uh... Oh. It already happened.

Paul

Stick the email address in here:

They are always telling us that we should use a password manager of cours. However there is no 100 percent secure system if as has been mentioned servers with customer data can be just sold to any tom dick or Serge.

I mean, another thing to look at is wifi password. Now if its too hard, nobody can remember it, if its too simply people can guess it, and of courrse many devices that use a cloud storage system actually store it, supposedly encrypted. The hackers know about exploiting apis these days as people use these off the shelf like a way to stop having to write new ones, but if they don't use them properly often a breach is created bigger than the brain of Marvin. Brian

Stick the email address in here:

Ah, that shows LinkedIn as an affected site for a data breach associated wi th the email address in question. I just realised that my LinkedIn account also used the old favourite email/password combo, so the recent activity co uld all be down to the LinkedIn breach.

says that while the LinkedIn breach was in 2016, it was 4 years later that the data began appearing on the dark web market. Maybe the vitamin supplier transaction was not at fault (still could be, t hough).

Cheers.

Ant.

Why would you need pieces of paper? Can you not use a program that saves passwords in an encrypted form. What happens if someone breaks into your house and steals the pieces of paper? Mine uses military security and allows you to view, cut and paste the passwords as required.

The idea of the purchasers going back for a refund does raise a smile ....

Four breaches, only one makes any sense and you have to subscribe to find out more details. Looks like a con to me.

In any case, if the breach only amounts to my email address (which is pretty widely circulated anyway) and the specific password for the compromised site (which has presumably reset the passwords anyway), I don't see a problem.

While that may help to see if your data is already compromised why would anyone set up an account with them to generate passwords? It seems against any sensible security to give personal details and then let a third party generate a password on their web site.

and 2FA wherever you can.

Computer security. It's the old two-campers-and-a-lion-joke ...

"Why are you putting on your shoes ? You'll never outrun it." "No, but I can outrun you ..."

:)

Also check that after you get these warning emails that you don't use the link in the same email to go to the site to change your password.

Drat yes, I hope the scrote doesn't notice the book on the bookshelf with the word "Passwords" embossed on the spine in gold. I expect such a scrote would have a little "Lone Ranger" mask, wear a black-and white striped jersey, and carry a bag marked "Swag" over his shoulder.

It is not a con. It is not a "subscription".

Good for you.

You do not have to set up an account to generate passwords. The OP asked a question which *could* be answered by using the site.

This is the report for one of my email addresses:

Adobe logo Adobe: In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, encrypted password and a password hint in plain text. The password cryptography was poorly done and many were quickly resolved back to plain text. The unencrypted hints also disclosed much about the passwords adding further to the risk that hundreds of millions of Adobe customers already faced.

Compromised data: Email addresses, Password hints, Passwords, Usernames

Onliner Spambot logo Onliner Spambot (spam list): In August 2017, a spambot by the name of Onliner Spambot was identified by security researcher Benkow mo?u?q. The malicious software contained a server-based component located on an IP address in the Netherlands which exposed a large number of files containing personal information. In total, there were 711 million unique email addresses, many of which were also accompanied by corresponding passwords. A full write-up on what data was found is in the blog post titled Inside the Massive 711 Million Record Onliner Spambot Dump.

Compromised data: Email addresses, Passwords

River City Media Spam List logo River City Media Spam List (spam list): In January 2017, a massive trove of data from River City Media was found exposed online. The data was found to contain almost 1.4 billion records including email and IP addresses, names and physical addresses, all of which was used as part of an enormous spam operation. Once de-duplicated, there were 393 million unique email addresses within the exposed data.

It *should* be an absolute given that your "memorable data" is never what they try to entice you into giving up ...

The classic "Mothers Maiden Name" should *never* be answered truthfully, for example.

Thanks for our insightful advice. I'll stop locking my front door - obviously unnecessary as crime is fake news.

Sorry, I read Step 3 ouot of context when it said 'Subscribe to notifications for any other breaches. Then just change that unique password'. It's a 30 day free trial then a subscription.

Good for you if you hand out money every time you see the word 'security'.

Judging by the OP's habit of reusing the same password, I wonder if he also used it for his password manager allowing hackers to scoop up any passwords which are different.

It's crazy to re-use a password for a site like Amazon where the financial loss could become substantial.

In message , snipped-for-privacy@gmail.com writes

I've have my own domain, so (like many others), almost every company I deal with gets its own email address (generally company@mydomain). From that I can track where spam(*) comes from. In many cases it is sent to the address that I've given to various small businesses, rarely the large ones, leading me to the conclusion (possibly wrongly) that some small businesses (or more likely their outsourced systems) have had some poor IT security. In only one case has a business been in touch to admit that they've been compromised, and that was by an activist group whose name I forget.

(*) spam also cover phishing attempts, and those odd emails from the person telling me that they've hacked my (non-existent) webcam.

Adrian

CCleaner gives you the option of selecting the cookies you want to keep.