773 million email addresses and usernames exposed in hack

Information, discussions, warnings, and friendly assistance with all your computer-related problems.

Moderators: godfather, Dreamweaver

Post Reply
User avatar
Perrorist
Administrator
Posts: 5228
Joined: 17 Sep 2008, 12:36
Location: Tumbi Umbi, Central Coast, NSW
Contact:

773 million email addresses and usernames exposed in hack

Post by Perrorist » 18 Jan 2019, 15:56

Check this out to see if you're affected: https://www.staysmartonline.gov.au/aler ... %99-breach

User avatar
lynny
Diamond Member
Posts: 69789
Joined: 30 Sep 2005, 17:15
Location: Hobart Tasmania

Re: 773 million email addresses and usernames exposed in hack

Post by lynny » 18 Jan 2019, 16:32

Scared to touch anything now - but I did and it said I'd been pwned. 8-[

That jargon is all very technical and hard for me to understand anyway. What now? Change all my passwords? I'd be glad of some advice.

User avatar
Perrorist
Administrator
Posts: 5228
Joined: 17 Sep 2008, 12:36
Location: Tumbi Umbi, Central Coast, NSW
Contact:

Re: 773 million email addresses and usernames exposed in hack

Post by Perrorist » 18 Jan 2019, 17:37

When it tells you you've been pwned, scroll down and you'll see the sites where you might be compromised. Those are the sites to log into and change your password. There won't be many, I suspect.

User avatar
Dreamweaver
Global Moderator
Posts: 10146
Joined: 16 Sep 2005, 15:46
Location: Victoria

Re: 773 million email addresses and usernames exposed in hack

Post by Dreamweaver » 18 Jan 2019, 20:17

Oh no — pwned!
Pwned on 4 breached sites and found no pastes (subscribe to search sensitive breaches)
So I need to subscribe to find out more? But no pastes means all ok?
I dream, therefore I am.

User avatar
Perrorist
Administrator
Posts: 5228
Joined: 17 Sep 2008, 12:36
Location: Tumbi Umbi, Central Coast, NSW
Contact:

Re: 773 million email addresses and usernames exposed in hack

Post by Perrorist » 18 Jan 2019, 20:51

You don't need to subscribe. Just change your password on those sites for added security.

User avatar
Biggdad
Gold Member
Posts: 4512
Joined: 06 Jul 2013, 17:23
Location: Sydney West.

Re: 773 million email addresses and usernames exposed in hack

Post by Biggdad » 18 Jan 2019, 22:12

Thanks Perri: mine is O/K

User avatar
Dreamweaver
Global Moderator
Posts: 10146
Joined: 16 Sep 2005, 15:46
Location: Victoria

Re: 773 million email addresses and usernames exposed in hack

Post by Dreamweaver » 19 Jan 2019, 00:15

I'm given 4 sites as being
Collection #1 logo
Collection #1 (unverified): In January 2019, a large collection of credential stuffing lists (combinations of email addresses and passwords used to hijack accounts on other services) was discovered being distributed on a popular hacking forum. The data contained almost 2.7 billion records including 773 million unique email addresses alongside passwords those addresses had used on other breached services. Full details on the incident and how to search the breached passwords are provided in the blog post The 773 Million Record "Collection #1" Data Breach.

Compromised data: Email addresses, Passwords

Exploit.In logo
Exploit.In (unverified): In late 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Exploit.In". The list contained 593 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for "credential stuffing", that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read Password reuse, credential stuffing and another billion records in Have I been pwned.

Compromised data: Email addresses, Passwords

LinkedIn logo
LinkedIn: In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data.

Compromised data: Email addresses, Passwords

You've Been Scraped logo
You've Been Scraped: In October and November 2018, security researcher Bob Diachenko identified several unprotected MongoDB instances believed to be hosted by a data aggregator. Containing a total of over 66M records, the owner of the data couldn't be identified but it is believed to have been scraped from LinkedIn hence the title "You've Been Scraped". The exposed records included names, both work and personal email addresses, job titles and links to the individuals' LinkedIn profiles.

Compromised data: Email addresses, Employers, Geographic locations, Job titles, Names, Social media profiles
I recognise only LinkedIn. I changed the password there after I found out back in 2016. So what are the others, and do I need to do anything else?
I dream, therefore I am.

User avatar
Perrorist
Administrator
Posts: 5228
Joined: 17 Sep 2008, 12:36
Location: Tumbi Umbi, Central Coast, NSW
Contact:

Re: 773 million email addresses and usernames exposed in hack

Post by Perrorist » 19 Jan 2019, 06:36

You may not remember using them or perhaps it was indirectly (e.g. the site had a different name back then or became part of another site). See if they have a login form. Enter your email address and click Forgot Password (or similar). You should get an email allowing you to set a new password.

Post Reply