Over 1 Billion Login Credentials Leaked

[philotux]

A whole slew of usernames and plaintext passwords were leaked for a number of different sites—at 772 million and 21 million respectively, it’s the largest data leak in history.

This collection of email address and passwords—dubbed “Collection #1”—groups together several smaller breaches into a larger master file of sorts. This huge collection of data comes from several different sites, so your personal info may have been compromised from multiple different sources. That means your information could’ve been compromised multiple times—the same email address with different passwords.

Here’s how to make sure your information is still safe...
So, to find out if your email or passwords have been compromised with the Collection #1 leak—or any other before it—head over to Have I Been Pwned, enter your email address, and brace yourself for the results.

from: How-To Geek >> Over 1 Billion Login Credentials Leaked, Here’s How to See if You Were Compromised


Even though there seems to be some discrepancy on the number of the login credential being leaked cited by different sites, it is in the region of one billion "more or less".

I found another site which, beside Have I been Pwned, lists some other resources as well:
https://www.digitaltrends.com/computing ... en-hacked/

My question is if you have used these services and do you find them legit and trustworthy?

[gm10]

My question is if you have used these services and do you find them legit and trustworthy?

Re trustworthy, dunno, maybe they're just looking to harvest good email addresses, i.e. the ones you are worried to have compromised.

Personally I use different random passwords for every site so I'm not all that bothered since a breach to one site will be contained to that site.

[philotux]

Re trustworthy, dunno, maybe they're just looking to harvest good email addresses, i.e. the ones you are worried to have compromised.

Personally I use different random passwords for every site so I'm not all that bothered since a breach to one site will be contained to that site.

That was exactly my thought as well. I have started using a password manager lately, LastPass. I don't know if they are any good or "trustworthy" or how secure their "vaults" are. It does at least generate random passwords that I don't have to remember myself. So at least it is quite comfortable, in a practical sense. But do I feel comfortable, I am not so sure

[Schultz]

Have I Been Pwned is supposed to be legit. I've seen it recommended by people and other sites that are legit. Of course, there's always a risk I suppose.

[philotux]

Have I Been Pwned is supposed to be legit. I've seen it recommended by people and other sites that are legit. Of course, there's always a risk I suppose.

I have always taken How-To Geek to be a good resource. So if they recommend it, I think I can regard the site as legit.
Don't know what's happened to me. Once upon a time, I was a quite trustful person :(

[Portreve]

As a matter of policy, I never comment on my personal arrangements for security.

That said, I think people need to realize being on a lot of sites (of whatever category) on the Internet actually constitutes overexposure at this point, and therefore now qualifies in and of itself as "risky behavior".

I have scaled back what I'm on on the Internet (for personal purposes) to just a few things. This site made its way through several rounds of cutting.

The other day while performing a check of my exposure, I was disheartened to see my voter roll information is out there, flapping in the breeze. I'm going to inquire of my local board of elections if that information can be withdrawn. If not, I will have to take other steps.

I found no other sources providing personal information about me. Hooray!

I would like suggest to everyone else here to do some security sweeps and take whatever protective steps are available.

[smurphos]

Make your own mind out about whether it's a trustworthy service or not - I'm satisfied that it is and it returns correct info for my email address (i.e. it was included in the data sold on the darknet after the Mint forum hack of 2016)

https://haveibeenpwned.com/About
https://haveibeenpwned.com/Privacy

[philotux]

@Portreve

Thanks for your reply! I appreciate you sharing your thoughts on this matter. You are absolutely right about the overexposure being a risk by itself. I should be ging through all my sign-ups and taking measures to secure my accounts.

@smurphos

Thanks for your post! And for the links. I'll be heading there to do my homework.

[Faust]

......
Personally I use different random passwords for every site so I'm not all that bothered since a breach to one site will be contained to that site.

Same here .
I'm about to start " road-testing " Bitwarden to manage them all , and I'm wondering if others here have used it .
Open source and cross-platform are both plus points for me .

Slightly off-topic I know ....

[philotux]

I'm about to start " road-testing " Bitwarden to manage them all , and I'm wondering if others here have used it .
Open source and cross-platform are both plus points for me .

For the same reasons, I have been considering these past few days to move away from Lastpass to Bitwarden. If you are taking it for a "road-testing" I would really appreciate If you wanted to share your experience and thoughts about it.

[Faust]

For the same reasons, I have been considering these past few days to move away from Lastpass to Bitwarden. If you are taking it for a "road-testing" I would really appreciate If you wanted to share your experience and thoughts about it.

Yes , I'll do that , but I will start a new thread ....
.... don't want to derail this one any further

[philotux]

Yes , I'll do that , but I will start a new thread ....
.... don't want to derail this one any further

Sure. Sounds great! Thanks!

[Portreve]

@Portreve

Thanks for your reply! I appreciate you sharing your thoughts on this matter. You are absolutely right about the overexposure being a risk by itself. I should be ging through all my sign-ups and taking measures to secure my accounts.

I used to be on social media, I had a number of message board accounts, I had a CafePress shop, and so on. Now pretty much all that's left is this account, my banking and health and other financial organizational sites, and that's it. Once I eventually (not any time soon, unfortunately) walk away from Google, that will all be shuttered, too.

[OFF-TOPIC]

Lately, I've begun to feel weighted down by technology, by this whole 24×7 always on thing, by the seeking never-ending need to constantly be troubleshooting things, and I've reached a point of burnout which, honestly, I think is perhaps only a step or two away from me snapping and throwing it all away. That would also include my job, if it came to it. I can't afford to do that (right now) so I need to take steps to start baking away from things and reassessing my life. Crap like this just makes it worse for me.

[/OFF TOPIC]

[philotux]

I used to be on social media, I had a number of message board accounts, I had a CafePress shop, and so on. Now pretty much all that's left is this account, my banking and health and other financial organizational sites, and that's it. Once I eventually (not any time soon, unfortunately) walk away from Google, that will all be shuttered, too.

Apart from some Linux related forums, I am not on any social media platforms. I signed up for FB and Twitter long ago, but I have practically used them next to zero and not for a long time. I have used a couple of Gmail accounts for most of my forum's registrations. so I am not sure haw I can move away from them. And I do use an Android phone which is all tied up to Google.

[Portreve]

Apart from some Linux related forums, I am not on any social media platforms. I signed up for FB and Twitter long ago, but I have practically used them next to zero and not for a long time. I have used a couple of Gmail accounts for most of my forum's registrations. so I am not sure haw I can move away from them. And I do use an Android phone which is all tied up to Google.

At the risk of derailing this thread, I'll simply say this:

Consider a hypothetical person, who for argument's sake is in middle or high school, who declares, “When I grow up, my plan is to be successful.” It sounds nice, but it isn't actionable because there's no defined target goal state.

Similarly, I am now, even as I write this, reevaluating my life and relationship with the world around me. It's not that technology is per-se a bad thing. I wouldn't want to give up having a car, or ask hospitals to give up all their equipment. I need to figure out specifically what I mean by "I'm burned out with technology" so as to make it actionable. I'm not to that point of understanding yet.

I don't know, objectively, if Purism's Librem 5 is going to have legs. I hope it will, but I don't know that it will. One very significant advantage it has over other would-be competitors of the past is it's running straight GNU+Linux, so can potentially leverage teens of thousands of existing programs in an environment for which there is existing broad development of software. Nevertheless, if it has legs, I'll eventually drop Android in favor of it.

[philotux]

I don't know, objectively, if Purism's Librem 5 is going to have legs. I hope it will, but I don't know that it will.

Let's hope it'll get some! It surely looks like a worthy endeavor.

[MrGrimm]

My question is if you have used these services and do you find them legit and trustworthy?

Re trustworthy, dunno, maybe they're just looking to harvest good email addresses, i.e. the ones you are worried to have compromised.

Personally I use different random passwords for every site so I'm not all that bothered since a breach to one site will be contained to that site.

EXACTLY!!!!

while security breeches this day and age are EXTREMELY serious i'm not going to a site to enter my email when the right way of doing it is to list ALL the affected sites on one page for peeps to browser through and see if sites thet are part of are listed, and if they find some go directly to those sites and change BOTH their email and password. NONE of these articles list any of the so called affected sites. not even how-to-geek. i would of thought better of them than to post something that has no proof behind it.

as for this "Bitwarden" mentioned above would not trust it cause not finding a one review of it from ANY site i trust unlike lastpass.

[smurphos]

list ALL the affected sites on one page for peeps to browser through

https://haveibeenpwned.com/PwnedWebsites - here you go - the list links to original disclosures, new stories etc were relevant.

[MrGrimm]

are you friggin serious a list of the current sites that were breached, NOT everything from the beginning of time.

[rene]

I'm about to start " road-testing " Bitwarden to manage them all , and I'm wondering if others here have used it. Open source and cross-platform are both plus points for me.

I had a test run with it a few months ago and was fairly satisfied. A major downside for me was missing Thunderbird support, a major upside the possibility to host the Bitwarden server locally. In the end it for me fell short of simply using e.g KeePassXC but that in part due to me simply not reacting all that favourably to the web technologies it's built with; Javascript largely. As far as I've looked at things it fundamentally seemed solid, though.