X-PTCBox Forum
https://ptcbox.me/forum/YaBB.pl
Help - Support >> Tech Help Section >> Have I been pwned - Check your email for possible security breaches
https://ptcbox.me/forum/YaBB.pl?num=1473962304

Message started by moneymarketing on 15th Sep, 2016 at 8:58pm

Title: Have I been pwned - Check your email for possible security breaches
Post by moneymarketing on 15th Sep, 2016 at 8:58pm
Hi SS,

I don't know where you might want this but what is your opinion of this?

I'm also thinking it would be a great scam for getting people to submit their emails

https://haveibeenpwned.com/

Title: Re: Have I been pwned
Post by SolidSnake on 16th Sep, 2016 at 1:39am
Well, it's actually not a scam! :)

After researching a bit about the website, I figured out it's a legit one that comes from Troy Hunt that is indeed a security specialist.

What the website does is this..:

Over the past few years there have been some major security breaches in some huge platforms from Adobe, yahoo, dropbox, etc. (these are publicly known).

The guy has accumulated a list of the email addresses and domain names that were included in the accounts that were compromised during those attacks (not sure how but I won't ask).

Sure he can't tell for sure if someone has actually used the compromised data, only presenting results from accounts that MAY have been compromised.

If for example an email was included in the lists of the compromised accounts from Adobe then it should pop up in the results.. it doesn't mean that someone had actually assumed control of the account but at some point in the past, it was possible during the breach.

Etc, a server has a list of accounts with their encrypted passwords. If a hacker figures out a way to pull that data from the server, the accounts in the list should be considered compromised but it doesn't mean that he also decrypted them or figured out a way to use them.. it only means that there is a possibility in doing so.. it's when such sites recommended us forcefully to update our passwords..

It's happened to me in the past in dropbox and trillian once.. They had asked me to change my password just to make sure my account is safe due to such a security breach.. and yes my email that I was using with them, pops up in this site's results as pwned so the data is accurate..  ;D

Title: Re: Have I been pwned
Post by dansbanners on 16th Sep, 2016 at 3:45am
What is this program about?

Title: Re: Have I been pwned
Post by moneymarketing on 16th Sep, 2016 at 5:05am
people were recco'ing the site after the cs hack. That is were I learned of it. My cs email was on there but I had already changed my password

Title: Re: Have I been pwned
Post by moneymarketing on 16th Sep, 2016 at 5:07am

dansbanners wrote on 16th Sep, 2016 at 3:45am:
What is this program about?

Check if you have an account that has been compromised in a data breach

Title: Re: Have I been pwned
Post by SolidSnake on 16th Sep, 2016 at 12:47pm
And I figured out I was misspelling "breach" as "breech" the whole time..  ;D
Ok, I corrected that.

Btw, the site is informative enough to bring up details regarding each breach within the results stating when it happened and what credentials exactly were compromised, so if there's been like 2-3 years since the breach, your email is in the list and you haven't noticed any weird behavior on your email account, it means that your email was not abused or noticeably abused by the hackers so you're somewhat safe..

Either way it's a good practice to change your passwords every once in a while because you never know if or when it will hit you..

So, I'm moving this to the technical issues thread due to its "security issues" oriented nature..

Title: Re: Have I been pwned - Check your email for possible security breaches
Post by ruicarlov on 16th Sep, 2016 at 6:50pm
I have been pwned once, also in Clixsense.

Title: Re: Have I been pwned
Post by moneymarketing on 16th Sep, 2016 at 7:24pm

SolidSnake wrote on 16th Sep, 2016 at 12:47pm:
And I figured out I was misspelling "breach" as "breech" the whole time..  ;D
Ok, I corrected that.

Btw, the site is informative enough to bring up details regarding each breach within the results stating when it happened and what credentials exactly were compromised, so if there's been like 2-3 years since the breach, your email is in the list and you haven't noticed any weird behavior on your email account, it means that your email was not abused or noticeably abused by the hackers so you're somewhat safe..

Either way it's a good practice to change your passwords every once in a while because you never know if or when it will hit you..

So, I'm moving this to the technical issues thread due to its "security issues" oriented nature..



...and different passwords for different sites



Title: Re: Have I been pwned
Post by SolidSnake on 16th Sep, 2016 at 11:08pm

moneymarketing wrote on 16th Sep, 2016 at 7:24pm:
...and different passwords for different sites

Sometimes it's good to come out with a "salting" formula in order to have different passwords for each site, however it has to be sophisticated enough because it may not be hard for someone to figure out..

X-PTCBox Forum » Powered by YaBB 2.5.2!
YaBB Forum Software © 2000-2024. All Rights Reserved.