
Nearly 773 million email accounts have been exposed in a massive data breach. Here's how to check if you were affected

A massive database containing 772,904,991 unique email addresses and more than 21 million unique passwords was recently posted to an online hacking forum, according to Wired.

The hack was first reported by Troy Hunt of the hack security site Have I Been Pwned, which lets you check whether your email and passwords have been compromised and which sites your information was leaked from.

The data collection as a whole, called "Collection #1," doesn't appear to originate from a certain source, but is rather an aggregation of 2,000 leaked databases that include passwords that have been cracked, according to Wired. That's to say the protective layer that scrambles, or "hashes," a password to prevent your original password from being visible has been cracked, and the passwords are presented in a usable form on hacking forums.

Data in Collection #1 wasn't put up for sale, like many data leaks are. It was first hosted on popular cloud hosting site Mega before being taken down, then posted on a public hacking site.

"Collection #1" is among the largest data breaches in history, second only to Yahoo's hack that affected as many as 3 billion users.

How to check if you've been affected

14 Replies

Great to hear all these huge breaches of our personal data that can be used to hack either our Online accounts or computer.

Last month I had a Russian hack into my Amazon Account twice in two weeks. The second time I had activated the Two Step log in. Totally worthless. My account was hacked within a day after Amazon re-activated my clean account again. I now have it disabled and Amazon lost a 20-25 year Customer in the process because they can't secure their Customer's Amazon Accounts.

Then in the same week an Iranian in Tehran, Iran tried to log in to my Facebook Account. Luckily I had a Two Step log in after what happened with Amazon; the hacker couldn't hack into my Facebook Account.

Both were using my primary Email Account to hack into my online accounts.

Chrome has finally been brought/forced to the 21st century and is making a change in how the stored passwords are accessed. Anyone who hacks into your account has no problem accessing all your saved user name/passwords. This is also true of Firefox...except they haven't mentioned any future plans to stop it.

Google Planning More Security for Chrome OS Saved Passwords - ExtremeTech

Luckily I don't use any of my Browsers to store any log ins or passwords. I use Roboform. But not sure how secure that software is but I have been using it for several years now without incident related to that particular software.

Plus I have installed a program called KeyScrambler that automatically scrambles all my keyboard strokes while typing online.

I suspect my email data was compromised by several breaches including Facebook and Experian and Home Depot and a couple other I don't recall at the moment or my wife or me visiting a false or malicious site.

After what happened last month, I conducted some exhaustive scans looking for any viruses or malware or malicious Keystroke software in my computer. Came out clean and couldn't find any suspicious files with odd names or misspelled file names. So, I suspect I must have gone to a malicious website that stole my data or from one of the many breaches in various companies and online websites where my personal data was compromised.

LoL, now when I create a password it usually has in it "Screw you", "Hijacked", etc.

Last I saw Firefox encrypted anything you sync to your Firefox account (passwords included) with 256 bit encryption

https://www.hub.packtpub.com/introducing-firefox-sync-centered-around-user-privacy/

0 Likes

Saved passwords are still too easy to find...and the passwords on the latest Firefox

0 Likes

Chrome, Edge and Firefox all use AES256 to secure the password tables

I use very strong passwords and so far nobody has been able to gain any illegal access to my accounts

0 Likes

Did you check?

0 Likes

While the LOCAL keys.db file in Firefox uses woeful encryption (SHA-1 iterations 1), the Firefox Account and Firefox Lockbox use AES256-GCM encryption and HMAC SHA-256 "to hash searchable data". The latter is fairly unbreakable, but the former is really only a problem if you get your stuff lifted by a hacker experienced in such things, or do something stupid like use a master password of 1234 or the like instead of something like "Th3 Day Was Sunny New 3ngland (heats", as most thieves will just sell the computer or the parts, or blow it all away and start fresh.

Still, the biggest problem is sensitive websites, such as financial websites, still not using 2 factor authentication of some sort. Even SMS based 2FA, while the least secure type, still acts as a major deterrent to the common thief.

0 Likes

What I dislike about the 2 factor thing, is giving out yet one more thing to be stolen. I don't even give my doctor my real phone number.

0 Likes

These days hundreds of companies know everything about you from info sold by your phone company. I'm still getting stuff from my info AT&T sold even though I haven't had them for over 5 years (I know this because they misspelled my name).

0 Likes

How do you remember all those complex passwords? Especially if you have like 50 or more websites?

Do you write it down in a list or do you use your Browser to store the passwords or a 3rd party software similar to Roboform?

I use KeePass for storing passwords (just checked and I have 150 accounts saved over the years, I only use a tiny fraction of them). It uses ChaCha20 - 256 bit encryption with a long password. The DB is stored locally. I use a different password for every site. I have 3 junk emails, which I have accrued over time, each with their own long randomly generated password that I allow the browser to store locally. I have one true email for important stuff.

I use Firefox without an account so login/passwords I tell the browser to store are only local. No one uses my computers but me.

For very important stuff like banking/cc accounts, I never store the account name or password, and never allow the browser to remember it. I just remember it. I even have a dedicated cheap laptop for only accessing those accounts, and nothing else.

==================

Generally speaking, how this hacking stuff works is that one site gets hacked. The hacker uses the account name/email address with the hacked password to log in to other sites, and keeps chaining them along until they can get to some money/items.

So priority #1 is to use a different password everywhere you don't want to get hacked. Consider every place you enter an email/password as hacked, and consider what other accounts you use the hacker can get to with that email/password. If that combo is unique, then the hacker can get to nothing else.

When I read your original story, I suspect that another account was hacked with identical login credentials, and then used to log in to Amazon. From there, the hacker got into Facebook, and/or perhaps even another site you use with identical Facebook login credentials was hacked.

The moral of the story is, for every account login that you care about, give it a unique account name/password combination, and make sure you use good passwords.

Right now close to 2/3 of corporate databases have been copied, including the credit reporting companies

It's so pathetic how many get broken into

0 Likes
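
The reply above that explains how one hacked login gets replayed on other sites can be turned into a quick audit of your own password list. This is an added example, not code from any poster in this thread; the vault entries, the `.example` site names and the functions `audit` and `rotate_list` are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample vault export (site, login, password); not real accounts.
VAULT = [
    ("shop.example",   "me@mail.example",   "Sunny-Day-1999"),
    ("social.example", "ME@mail.example",   "Sunny-Day-1999"),
    ("games.example",  "junk@mail.example", "Sunny-Day-1999"),
    ("forum.example",  "me@mail.example",   "old-forum-pw-42"),
    ("bank.example",   "me@mail.example",   "x7#Lq!v9Zp2@rT"),
]
_KEY = os.urandom(32)  # per-run key: the digests are useless outside this process

def _digest(*parts):
    """Keyed digest, so plaintext passwords never sit in the lookup sets."""
    return hmac.new(_KEY, "\x00".join(parts).encode(), hashlib.sha256).digest()

def audit(vault, breached_sites):
    """Classify every account, given the sites known to have been breached."""
    leaked_combos, leaked_passwords = set(), set()
    for site, login, password in vault:
        if site in breached_sites:
            leaked_combos.add(_digest(login.lower(), password))
            leaked_passwords.add(_digest(password))
    report = {}
    for site, login, password in vault:
        if site in breached_sites:
            report[site] = "breached"   # the site itself leaked
        elif _digest(login.lower(), password) in leaked_combos:
            report[site] = "exposed"    # same login AND password as a leaked one
        elif _digest(password) in leaked_passwords:
            report[site] = "at-risk"    # same password under a different login
        else:
            report[site] = "ok"         # shares nothing with a breached site
    return report

def rotate_list(report):
    """Sites whose password should be changed, in a stable order."""
    return sorted(site for site, status in report.items() if status != "ok")

if __name__ == "__main__":
    for site, status in audit(VAULT, {"shop.example"}).items():
        print(f"{site:16} {status}")
```

With a unique password per site, a breach of any single site leaves every other entry at "ok", which is the outcome the reply argues for.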
noodles59
Miniboss

I have coded my own password generator and it's fairly safe -- never had issues:

qANӌAYpyêuznlmúcȻÜÙkáBTåȻû6ÃLx