Welcome, Guest. Please Login or Register
  HomeHelpSearchLoginRegister Latest Rules Support  
 
Page Index Toggle Pages: 1
Send Topic Print
Have I been pwned - Check your email for possible security breaches (Read 9453 times)
moneymarketing
Sub Moderator
*****
Offline



Posts: 3908
Vancouver, Canada
Gender: male
Have I been pwned - Check your email for possible security breaches
15th Sep, 2016 at 8:58pm
 
Hi SS,

I don't know where you might want this but what is your opinion of this?

I'm also thinking it would be a great scam for getting people to submit their emails

https://haveibeenpwned.com/
Back to top
« Last Edit: 16th Sep, 2016 at 12:49pm by SolidSnake »  

David
 
IP Logged
 
SolidSnake
Forum Administrator
*****
Offline


I'm impossible to forget,
but I'm hard to remember

Posts: 3386
Center of the Universe
Gender: male
Re: Have I been pwned
Reply #1 - 16th Sep, 2016 at 1:39am
 
Well, it's actually not a scam! Smiley

After researching a bit about the website, I figured out it's a legit one that comes from Troy Hunt that is indeed a security specialist.

What the website does is this..:

Over the past few years there have been some major security breaches in some huge platforms from Adobe, yahoo, dropbox, etc. (these are publicly known).

The guy has accumulated a list of the email addresses and domain names that were included in the accounts that were compromised during those attacks (not sure how but I won't ask).

Sure he can't tell for sure if someone has actually used the compromised data, only presenting results from accounts that MAY have been compromised.

If for example an email was included in the lists of the compromised accounts from Adobe then it should pop up in the results.. it doesn't mean that someone had actually assumed control of the account but at some point in the past, it was possible during the breach.

Etc, a server has a list of accounts with their encrypted passwords. If a hacker figures out a way to pull that data from the server, the accounts in the list should be considered compromised but it doesn't mean that he also decrypted them or figured out a way to use them.. it only means that there is a possibility in doing so.. it's when such sites recommended us forcefully to update our passwords..

It's happened to me in the past in dropbox and trillian once.. They had asked me to change my password just to make sure my account is safe due to such a security breach.. and yes my email that I was using with them, pops up in this site's results as pwned so the data is accurate..  Grin
Back to top
« Last Edit: 16th Sep, 2016 at 12:36pm by SolidSnake »  
WWW  
IP Logged
 
dansbanners
VIP Member
*****
Offline


I love being here!

Posts: 2025
Gender: male
Re: Have I been pwned
Reply #2 - 16th Sep, 2016 at 3:45am
 
What is this program about?
Back to top
 

 
IP Logged
 
moneymarketing
Sub Moderator
*****
Offline



Posts: 3908
Vancouver, Canada
Gender: male
Re: Have I been pwned
Reply #3 - 16th Sep, 2016 at 5:05am
 
people were recco'ing the site after the cs hack. That is were I learned of it. My cs email was on there but I had already changed my password
Back to top
 

David
 
IP Logged
 
moneymarketing
Sub Moderator
*****
Offline



Posts: 3908
Vancouver, Canada
Gender: male
Re: Have I been pwned
Reply #4 - 16th Sep, 2016 at 5:07am
 
dansbanners wrote on 16th Sep, 2016 at 3:45am:
What is this program about?

Check if you have an account that has been compromised in a data breach
Back to top
 

David
 
IP Logged
 
SolidSnake
Forum Administrator
*****
Offline


I'm impossible to forget,
but I'm hard to remember

Posts: 3386
Center of the Universe
Gender: male
Re: Have I been pwned
Reply #5 - 16th Sep, 2016 at 12:47pm
 
And I figured out I was misspelling "breach" as "breech" the whole time..  Grin
Ok, I corrected that.

Btw, the site is informative enough to bring up details regarding each breach within the results stating when it happened and what credentials exactly were compromised, so if there's been like 2-3 years since the breach, your email is in the list and you haven't noticed any weird behavior on your email account, it means that your email was not abused or noticeably abused by the hackers so you're somewhat safe..

Either way it's a good practice to change your passwords every once in a while because you never know if or when it will hit you..

So, I'm moving this to the technical issues thread due to its "security issues" oriented nature..
Back to top
 
WWW  
IP Logged
 
ruicarlov
VIP Member
*****
Offline


PTCMan! The doodle superhero
of the PTC world!

Posts: 1479
Portugal
Gender: male
Re: Have I been pwned - Check your email for possible security breaches
Reply #6 - 16th Sep, 2016 at 6:50pm
 
I have been pwned once, also in Clixsense.
Back to top
 
 
IP Logged
 
moneymarketing
Sub Moderator
*****
Offline



Posts: 3908
Vancouver, Canada
Gender: male
Re: Have I been pwned
Reply #7 - 16th Sep, 2016 at 7:24pm
 
SolidSnake wrote on 16th Sep, 2016 at 12:47pm:
And I figured out I was misspelling "breach" as "breech" the whole time..  Grin
Ok, I corrected that.

Btw, the site is informative enough to bring up details regarding each breach within the results stating when it happened and what credentials exactly were compromised, so if there's been like 2-3 years since the breach, your email is in the list and you haven't noticed any weird behavior on your email account, it means that your email was not abused or noticeably abused by the hackers so you're somewhat safe..

Either way it's a good practice to change your passwords every once in a while because you never know if or when it will hit you..

So, I'm moving this to the technical issues thread due to its "security issues" oriented nature..



...and different passwords for different sites


Back to top
 

David
 
IP Logged
 
SolidSnake
Forum Administrator
*****
Offline


I'm impossible to forget,
but I'm hard to remember

Posts: 3386
Center of the Universe
Gender: male
Re: Have I been pwned
Reply #8 - 16th Sep, 2016 at 11:08pm
 
moneymarketing wrote on 16th Sep, 2016 at 7:24pm:
...and different passwords for different sites



Sometimes it's good to come out with a "salting" formula in order to have different passwords for each site, however it has to be sophisticated enough because it may not be hard for someone to figure out..
Back to top
 
WWW  
IP Logged
 
Page Index Toggle Pages: 1
Send Topic Print