1 Billion Email Username & credentials released


Regedit32

Moderator
Joined
Mar 4, 2016
Messages
3,524
Reaction score
1,076
In the last few days a massive list of email usernames and credentials has been released in lists known as Anti-Public and Exploit.in.

These compromised accounts have been vulnerable since December 2016 and in some cases are being used by hackers to make financial gains against the person, or spread viruses and malware to contacts and others using the legitimate account that has been compromised.

You can check whether your email address is in this list by entering it on the following website:

https://haveibeenpwned.com/


For more information about this release you can read here:

https://www.cert.govt.nz/businesses-and-individuals/recent-threats/1-billion-username-and-password-credentials-released


If one of your email addresses is compromised, I'd strongly recommend you immediately change your password, especially if you are in the habit of using the same password on multiple accounts, or with internet banking etcetera.
 

Joined
Apr 22, 2017
Messages
2,658
Reaction score
310
Hi @Regedit32,

I'm on the list (1 time only) and most likely from when Yahoo got hacked a while back, I changed my PW recently anyway so I am good (said he hopefully!). :)

Thanks for the heads up. :D
 

Ian

Administrator
Joined
Oct 27, 2013
Messages
1,641
Reaction score
563
The scale of these recent password dumps is incredible. Pretty much everyone with an online presence will have their details compromised somewhere it seems.

Now more than ever, it's worth using unique passwords and storing them locally in something like KeePass (free).
 
Joined
Oct 26, 2016
Messages
1,648
Reaction score
446
One of my MSN accounts was 'pwned' (one that I use only for forums, and I am a member of several). Well, it was time to change passwords anyway.......
 
Joined
Feb 18, 2016
Messages
2,826
Reaction score
622
My Bell email account was pwned once, Hotmail/Outlook never.
 
Joined
Nov 19, 2013
Messages
4,689
Reaction score
912
I have, from time to time, used this similar site:

https://sec.hpi.de/leak-checker/search

I have, like most, more than one login/password. The one I use for more secure items returns this response:
Congratulations: Your e-mail address davexxxx does not appear in our data base. However, this is not a guarantee that none of your personal information was leaked.

The other, which will get hackers into sites of no consequence, has been compromised. They are welcome! I think I will leave it that way, to keep them happy.
 

Joined
Apr 22, 2017
Messages
2,658
Reaction score
310
> Now more than ever, it's worth using unique passwords and storing them locally in something like KeePass (free).
Hi Ian,

I have my own method called pen & paper, that way I know exactly where my PW's are and who is looking at them! (I have them all neatly typed on a page with like you said; "Unique passwords"!). :)
 

Regedit32

Moderator
Joined
Mar 4, 2016
Messages
3,524
Reaction score
1,076
> The other, which will get hackers into sites of no consequence, has been compromised
There is little point changing it given hackers already have proven the site is insecure, although it would be worth changing to at least attempt to prevent someone with ill intent sending a virus to someone you may know and is on your contact list in the account; otherwise perhaps just close the account altogether.

My point of opening this thread, though, was to warn people who use the same password in multiple places that if their email address is on that list, that means someone with ill intent can access any other site using the password.

Hence my suggestion to change password to prevent someone stealing money, etcetera.

In the perfect world people would use a different password for each place they log in to, but we are not living in that Utopia just yet.
 

Trouble

Noob Whisperer
Moderator
Joined
Nov 19, 2013
Messages
12,555
Reaction score
2,029
Before anyone panics too much.
Keep in mind that this list is "historic" in that many instances occurred in previous years. If you use the little button to "View all breaches" and go through the list by scrolling way down, you will find for instance that
Adobe
In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, encrypted password and a password hint in plain text.
That was one that I was caught up in and remedied quite some time ago, as I had multiple email accounts associated with my Adobe ID.

While for the most part all information is good and positive, everyone should take some time and evaluate the information and adjust for pertinence as it might apply to them.
Many of the sites listed, I have never had any association with.
The couple on the list that I have, I had already taken remedial steps to address the issue(s) quite some time ago.

That said, it's always a good idea to consider changing passwords from time to time and of course using unique / complex passwords including alpha and numeric characters and throwing in the occasional symbol to make things a bit more challenging for those who might attempt to "guess" ........ P@$$w0rd.

Although a complex password is never going to keep you safe from a data breach where sites do not protect their users against such attacks.
My question is.... "Can they"?

With all the "tools" out there, some of which.... courtesy of our own government via WikiLeaks (thank you by the way.... NOT! ), one of those was just used to produce the recent RansomWare attack that I'm sure many have been reading about.
 

Bif

Joined
Oct 17, 2015
Messages
1,169
Reaction score
445
As much as I try to heed this as a legit warning, I've had one of my accounts on this list or a similar list numerous times with no ill effects (that I'm aware of)... my password is so strong and so long and complicated that my wife and I need a cheat sheet just to log in to our emails. (I use the @Wolfie technique of keeping passwords.)
We don't do any online banking or transactions and only keep half a dozen people in our contacts, so personally for us I'm not overly concerned.
Perhaps this may bite me in the backside at some point but until then I shan't lose sleep.
 

Joined
Feb 18, 2016
Messages
2,826
Reaction score
622
Bif, same here, I'm not going to lose any sleep over the report. I still have to wonder if the report itself is legitimate; I don't understand why an organization like Certnz would be looking for donations.
 
Joined
Nov 19, 2013
Messages
4,689
Reaction score
912
As Trouble says. You can trace similar findings back over several years. It is not a bad idea, though, to put a scareful reminder out occasionally.
 
Joined
Feb 18, 2016
Messages
2,826
Reaction score
622
Further to the above post, I was even more curious and input a false email name with the same server. Guess what, I got the dreaded message, Oh no! Pwned. Pwned 1 breach no pastes. LOL
 
Joined
Feb 22, 2014
Messages
1,406
Reaction score
275
Joined
Feb 18, 2016
Messages
2,826
Reaction score
622
Dave, I like your check site better. LOL
https://sec.hpi.de/leak-checker/search

It says "Congratulations: Your e-mail address xxxatxxxxx.net does not appear in our data base. However, this is not a guarantee that none of your personal information was leaked."
 

Joined
Feb 18, 2016
Messages
2,826
Reaction score
622
Yesterday I tested the link to see if my email account had been compromised.
Today I received a security alert email from my email provider's IT Group President.

"I am writing to inform you that xxxxxx (provider) Canada was contacted by an anonymous hacker about the illegal access of customer information. Your email address was included in the information illegally accessed. We apologize for this situation.
xxxxxx believes there is minimal risk involved but there are appropriate general precautions to take to protect your personal data from fraudulent activity.

The protection of our customer and corporate information is of primary importance to (provider) xxxxxx.
We work closely with government agencies, the RCMP and other law enforcement, and the broader technology industry to combat the growth of hacking and other cyber crimes.

@Norton
It's comforting to know that my provider is monitoring for illegal account activity.
 

Regedit32

Moderator
Joined
Mar 4, 2016
Messages
3,524
Reaction score
1,076
Are you sure that really came from your Provider?

If it did, then yes, it's great they are so proactive.
 