1 Billion Email Username & credentials released

Regedit32 · May 14, 2017

In the last few days a massive list of email usernames and credentials has been released in lists known as Anti-Public and Exploit.in.

These compromised accounts have been vulnerable since December 2016 and in some cases are being used by Hackers to make financial gains against the person, or spread virus and malware to contacts and others using the legitimate account that has been compromised.

You can check whether your email address is in this list by entering it on the following website:

https://haveibeenpwned.com/

For more information about this release you can read here:

https://www.cert.govt.nz/businesses...on-username-and-password-credentials-released

If one of your email addresses is compromised, I'd strongly recommend you immediately change your password, especially if you are in the habit of using the same password on multiple accounts, or with internet banking etcetera.

Wolfie · May 14, 2017

Hi @Regedit32,

I'm on the list (1 time only) and most likely from when Yahoo got hacked a while back, I changed my PW recently anyway so I am good (said he hopefully!).

Thanks for the heads up.

Ian · May 14, 2017

The scale of these recent password dumps is incredible. Pretty much everyone with an online presence will have their details compromised somewhere it seems.

Now more than ever, it's worth using unique passwords and storing them locally in something like KeePass (free).

Grizzly · May 14, 2017

one of my MSN accounts was 'pawned' (one that I use only for forums and I am member in several) . Well, it was time to change passwords anyway.......

Norton · May 14, 2017

My Bell email account was pawned once, Hot mail/Outlook never.

davehc · May 14, 2017

I have, from time to time. used this similar site

https://sec.hpi.de/leak-checker/search

I have, like most, more than one login/password- The one I use for more secure items returns this response:
Congratulations: Your e-mail address davexxxx does not appear in our data base. However, this is not a guarantee that none of your personal information was leaked.

The other, which will get hackers into sites of no consequence, has been compromised. They are welcome! I think I will leave it that way, to keep them happy

Wolfie · May 14, 2017

Ian said:
Now more than ever, it's worth using unique passwords and storing them locally in something like KeePass (free).

Hi Ian,

I have my own method called pen & paper, that way I know exactly where my PW's are and who is looking at them! (I have them all neatly typed on a page with like you said; "Unique passwords"!).

Regedit32 · May 14, 2017

davehc said:
The other, which will get hackers into sites of no consequence, has been compromised

There is little point changing it given hackers all ready have proven the site is insecure, although it would be worth changing to at least attempt to prevent someone with ill intent sending a virus to someone you may know and is on your contact list in the account; otherwise perhaps just close the account altogether.

My point of opening this thread though was to warn people who use the same password in multiple places, that if their email address is on that list that means someone with ill intent can access any other site using the password

Hence my suggestion to change password to prevent someone stealing money, etcetera.

In the perfect world people would use a different password for each place they log in to, but we are not living in that Utopia just yet.

davehc · May 14, 2017

My brain is not in that utopia either! lol

Trouble · May 14, 2017

Before anyone panics too much.
Keep in mind that this list is "historic" in that many instances occurred in previous years. IF you use the little button to "View all breaches" and go through the list by scrolling way down, you will find for instance that

Adobe
In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, encrypted password and a password hint in plain text.

That was one that I was caught up in and remedied quite some time ago, as I had multiple email accounts associated with my Adobe ID.

While for the most part, all information is good and positive. Everyone should take some time and evaluate the information and adjust for pertinence as it might apply to them.
Many of the sites listed, I have never had any association with.
The couple on the list that I have, I had already taken remedial steps to address the issue(s) quite some time ago.

That said, it's always a good idea to consider changing passwords from time to time and of course using unique / complex passwords including alpha and numeric characters and throwing in the occasional symbol to make things a bit more challenging for those who might attempt to "guess" ........ P@$$w0rd.

Although a complex password is never going to keep you safe from a data breach where sites do not protect their users against such attacks.
My question is.... "Can they"?

With all the "tools" out there, some of which.... courtesy of our own government via WikiLeaks (thank you by the way.... NOT! ), one of those was just used to produce the recent RansomWare attack that I'm sure many have been reading about.

Bif · May 14, 2017

As much as I try to heed this as a legit warning,. I've had one of my accounts on this list or similar list numerous times with no ill effects (that I'm aware of)...my password is so strong and so long and complicated that my wife and I need a cheat sheet just to login to our emails. ( I use the @Wolfie technique of keeping passwords)
We don't do any online banking or transactions and only keep half a dozen people in our contacts, so personally for us I'm not overly concerned.
Perhaps this may bite me in the backside at some point but until then I shan't lose sleep.

Norton · May 14, 2017

Bif same here, I'm not going to lose any sleep over the report. I still have to wonder if the report itself is legitimate, I don't understand why an organization like Certnz be looking for donations.

davehc · May 14, 2017

As Trouble says. You can trace similar findings back over several years. It is not a bad idea, though, to put a scareful reminder out occasionally.

Norton · May 14, 2017

Further to the above post. I put was even more curious and input a false email name with the same server. Guess what, I got the dreaded message, Oh no! Pwned. Pwned 1 breach no pastes. LOL

clifford_cooley · May 14, 2017

Regedit32 said:
You can check whether your email address is in this list by entering it on the following website:

https://haveibeenpwned.com/

Just says I have 1 breach.

davehc said:
I have, from time to time. used this similar site

https://sec.hpi.de/leak-checker/search

Gives more info.

unrealengine.com Aug. 2016 ✓ Affected

Now I know where the breach originated.

Norton · May 14, 2017

Dave I like your check site better. LOL
https://sec.hpi.de/leak-checker/search

It says "Congratulations: Your e-mail address xxxatxxxxx.net does not appear in our data base. However, this is not a guarantee that none of your personal information was leaked.

Wolfie · May 15, 2017

If anyone is interested; Avast (the freebie version) has a password vault thingy (@Ian mentioned it above), I used Avast years ago but haven't used it since I installed W10 and just use Windows Defender!.

https://www.avast.com/en-us/passwords#pc

Norton · May 17, 2017

Yesterday I tested the link to see if my email account had been compromized.
Today I received an security alert email from my email provider IT Group President.

"I am writing to inform you that xxxxxx (provider) Canada was contacted by an anonymous hacker about the illegal access of customer information. Your email address was included in the information illegally accessed. We apologize for this situation.
xxxxxx believes there is minimal risk involved but there are appropriate general precautions to take to protect your personal data from fraudulent activity.

The protection of our customer and corporate information is of primary importance to (provider) xxxxxx.
We work closely with government agencies, the RCMP and other law enforcement, and the broader technology industry to combat the growth of hacking and other cyber crimes.

@Norton
It's comforting to know that my provider is monitoring for illegal account activity.

Regedit32 · May 17, 2017

Are you sure that really came from your Provider?

If it did then yes its great they are so proactive.

davehc · May 17, 2017

This probably sheds light on it:

http://www.newswire.ca/news-release...access-of-customer-information-622388793.html

How to open OST File in MS Outlook email?	1	Feb 2, 2019
Deletion One drive email notice from Outlook	3	Jan 27, 2019
Transferring my emails from Vista	6	Jan 22, 2019
SOLVED Windows 10 email	14	Jan 17, 2019
Email link only gives html view not web view	2	Jan 16, 2019
At least it's not a Billion	2	Dec 22, 2016
Three Billion Visitors to Windows Store	2	Feb 5, 2016
Windows 10: Preparing to Upgrade One Billion Devices	4	Jul 3, 2015

1 Billion Email Username & credentials released

Regedit32

Wolfie

Ian

Grizzly

Norton

davehc

Wolfie

Regedit32

davehc

Trouble

Noob Whisperer

Bif

Norton

davehc

Norton

clifford_cooley

Norton

Wolfie

Norton

Regedit32

davehc

Ask a Question

Similar Threads