this post was submitted on 20 Aug 2023
59 points (100.0% liked)

Technology

37712 readers
196 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

Take this quiz to find out if you can spot what’s real and what’s fake

WP gift link expires in 14 days.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 7 points 1 year ago (2 children)

This reminds me of the site to see if your email address had been pwned or not.
Well, if you looked yourself up, I’ve got some bad news for you….

[–] [email protected] 10 points 1 year ago (1 children)

You're wrong on this one, as the other comment noted.

Have I Been Pwned has a database of leaked credentials, with notes on where the data originated, when said site was hacked, etc. It is an incredibly good resource to see if any site you use has leaked your data in a breach, and how compromising that data is (legible or unsalted passwords, credit card information, etc.).

It is a tool used to react intelligently to data breaches. You input your email address, and it tells you if your email address is present in any leaked data sets. If so, you go change that password as fast as you can.

For your comment to make any sense, giving someone your email address means you've been "Pwned". I guess you don't subscribe to a lot of newsletters, then? How does entering your email address give anyone an advantage, apart from the knowledge that it exists? 🤔

The exact same feature is baked into Chrome's password manager, 1password, and many others. Does that mean that users of those services have been "Pwned"? 😐

[–] [email protected] 4 points 1 year ago (1 children)

I stand corrected, with thanks!

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

You're so welcome! 😃

It's one of those tools more people ought to use (like password managers), because it not only exposes real threats, it also opens your eyes to the fact that you really should be a lot more paranoid about you data than most people are.

Running my main email through it just now, this is the list of sites that have managed to lose my data. Many of these included passwords in various states of undress. These particular breaches span from 2013 to 2023. Each company name is followed by the information contained in the breach:

  • 123RF — Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames

  • 500px — Dates of birth, Email addresses, Genders, Geographic locations, Names, Passwords, Usernames

  • 8tracks — Email addresses, Passwords

  • Adobe — Email addresses, Password hints, Passwords, Usernames

  • Bitly — Email addresses, Passwords, Usernames

  • CafePress — Email addresses, Names, Passwords, Phone numbers, Physical addresses

  • Data Enrichment Exposure From People Data Labs — Email addresses, Employers, Geographic locations, Job titles, Names, Phone numbers, Social media profiles

  • Deezer — Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Names, Spoken languages, Usernames

  • Dropbox — Email addresses, Passwords

  • Gravatar — Email addresses, Names, Usernames

  • Kickstarter — Email addresses, Passwords

  • LinkedIn — Email addresses, Passwords, Education levels, Email addresses, Genders, Geographic locations, Job titles, Names, Social media profiles

  • MyFitnessPal — Email addresses, IP addresses, Passwords, Usernames

  • Plex — Email addresses, IP addresses, Passwords, Usernames

  • TheTVDB.com — Email addresses, Passwords, Usernames

  • tumblr — Email addresses, Passwords

  • Twitter — Email addresses, Names, Social media profiles, Usernames

Because I use unique passwords for everything (long time 1password user, recently switched to Bitwarden which is free and works and syncs great on/between my Mac and Android phone), I'm not particularly worried about any of these, and all the passwords have since been changed.

But look at all the other shit that's in there 😳 DOB, IP, country, usernames associated with my email, education level, gender, social media accounts, phone numbers, home address. Even if you're not paranoid, do you really want everyone with a Tor browser and a cheap VPN to have access to that shit if they want to get to know you? 🤢

That's why I wanted to point out that HIBP is one of the good guys; no need for people to get bad vibes about a tool they might actually have an interest in using 😊

[–] [email protected] 2 points 1 year ago

Yeah I really called it wrong on my initial comment.
I took a look at my pwned history and it looks like we share a lot of sites.
Quite concerning and now I am at least using a password manager.
I am still on LastPass but am considering others.
It simply “works” in my case though, and I’m not sure how easy it would be to change to a new one so with them I stay.
It sucks that they made it into a “pay to play” if you want full cross platform access, but I use my gaming PC for so few sites that it isn’t a huge deal to just lock my LasPass to iOS.

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (1 children)

Pwned is legit though. its just databases of breaches.

[–] [email protected] 1 points 1 year ago