Massive password leaks
Massive password leaks
Here is the german site with the article: 2.2 Billion Accounts affected
The article is in german, i will try to find an english translation.
Basicalls its an article that 2.2 billion account informations got leaked. You can check if you are affected HERE (english preselected)
pps: ok google website translator is discontinued, anybody with a decent german->english service we can use for the article? the article afffects 2.2 billion users, not only 89 million germans
Please reply with a good service which translates the original article Thanks
The article is in german, i will try to find an english translation.
Basicalls its an article that 2.2 billion account informations got leaked. You can check if you are affected HERE (english preselected)
pps: ok google website translator is discontinued, anybody with a decent german->english service we can use for the article? the article afffects 2.2 billion users, not only 89 million germans
Please reply with a good service which translates the original article Thanks
-
- Addict
- Posts: 4527
- Joined: Thu Jun 07, 2007 3:25 pm
- Location: Berlin, Germany
Re: Massive password leaks
Hmm, I get one match with my Gmail address, but none when I check with https://haveibeenpwned.com.
Re: Massive password leaks
I would change the gmail password, change it on any other services where you used it and verify any service that depends on your gmail accounts security for the previous 4 and the coming 4 weeks. Just in caseDude wrote:Hmm, I get one match with my Gmail address, but none when I check with https://haveibeenpwned.com.
None of my accounts was affected but i will change all passwords periodically anyhow, cant hurt (unless i forget the new passwords
Re: Massive password leaks
Unfortunately, 2-factor-authentication is the only thing that protects (exp. SaaSPass).
It's annoying but necessary...
It's annoying but necessary...
Re: Massive password leaks
Yes, I have 2FA enabled for Gmail anyway, so anyone trying to log in from an unknown device will trigger both a text message to me, and an email alert to my wife's email. Nothing so far. And I don't use Gmail or Facebook to log in to anything - I always create a dedicated account instead. Offers of "Log in with Google" is nothing but a major security risk - never do it!HanPBF wrote:2-factor-authentication is the only thing that protects
- NicTheQuick
- Addict
- Posts: 1227
- Joined: Sun Jun 22, 2003 7:43 pm
- Location: Germany, Saarbrücken
- Contact:
Re: Massive password leaks
It's better to choose a strong password instead of changing it every few month, because people tend to choose weak passwords if they have to remember them again and again. Of course this is not true when using a password manager but that should be clear.
The english grammar is freeware, you can use it freely - But it's not Open Source, i.e. you can not change it or publish it in altered way.
Re: Massive password leaks
Those are leaks, though. A strong password that you never change doesn't help you when the likes of Dropbox (2012, it's part of that list, not sure where the more recent leaks come from) store your password in plain text and get hacked or "release" the data by accident.
Re: Massive password leaks
This has nothing to do with password strength. The attackers aren't brute forcing hashes they are just publishing dumps from poorly managed systems with no hashes.
I've had mine dumped too, but it was all crappy sites I didn't trust with identities or CC. One day they will get my indentity no matter what password I use or second-factor because I have no say in system management for services I use(like using Intuit and Uber).. Freezing your credit is an annoying process in all countries; changing CC is quick and easy..
Also 2FA and U2F doesn't really help if they have access above CGI script inputs.. These are mostly Apache module vulns and leaked SSH keys and credentials through phishing and XSS and SQLi attacks.
2FA and U2F and knowing how to freeze credit and change cards is the best defense. Don't re-use passwords and make them with a PRNG and character table. Never use a password manager that has cloud or sync features..
I've had mine dumped too, but it was all crappy sites I didn't trust with identities or CC. One day they will get my indentity no matter what password I use or second-factor because I have no say in system management for services I use(like using Intuit and Uber).. Freezing your credit is an annoying process in all countries; changing CC is quick and easy..
Also 2FA and U2F doesn't really help if they have access above CGI script inputs.. These are mostly Apache module vulns and leaked SSH keys and credentials through phishing and XSS and SQLi attacks.
2FA and U2F and knowing how to freeze credit and change cards is the best defense. Don't re-use passwords and make them with a PRNG and character table. Never use a password manager that has cloud or sync features..
The truth hurts.