Email data breach

Discussion in 'Bulletin Board' started by Farnham_Red, Jan 17, 2019.

  1. Farnham_Red

    Farnham_Red Administrator Staff Member Admin

    Joined:
    Jul 18, 2005
    Messages:
    33,657
    Likes Received:
    22,830
    Trophy Points:
    113
    Location:
    Farnham
    Style:
    Barnsley
    Just got this through from my professional body so I am fairly sure its genuine looks like a lot of email and password information has been leaked somewhere

    https://eandt.theiet.org/content/ar...en-email-addresses-leaked-in-huge-data-breach

    I checked my email addresses on the Have I been Pwned link in the article and my work ones are clear but my personal ones arent I dont tend to buy or register for things with my work email except for professional purposes so I guess its the commercial stuff that has been leaked

    Might be worth a password update - especially if you use the same username and password for multiple sites
     
  2. W1z

    W1zz Well-Known Member

    Joined:
    Feb 5, 2008
    Messages:
    4,155
    Likes Received:
    315
    Trophy Points:
    83
    Gender:
    Male
    Location:
    Barnsley
    Style:
    Barnsley (full width)
    Got an email this morning from Have I been Pwned informing me two of my email address are on the list.

    You can also check if your password(s) is out in the open by using their password checker. https://haveibeenpwned.com/Passwords
     
  3. leeupo

    leeupo Well-Known Member

    Joined:
    Mar 29, 2014
    Messages:
    515
    Likes Received:
    335
    Trophy Points:
    63
    Location:
    Shafton
    Home Page:
    Style:
    Barnsley (full width)
    Also had an email re one of mine this morning.
     
  4. Sta

    Stahlrost Well-Known Member

    Joined:
    Oct 13, 2006
    Messages:
    21,105
    Likes Received:
    13,025
    Trophy Points:
    113
    Gender:
    Male
    Occupation:
    None
    Location:
    Dodworth
    Home Page:
    Style:
    Barnsley Dark
    I've been "pwned" also. Recently I've started receiving emails demanding money to stop videos of me watching (actively!) porn being sent to my wife and other family members. They're ****** of course, but just in case anybody gets one, it's not me...
     
    leeupo likes this.
  5. Orared

    Orared Well-Known Member

    Joined:
    Jul 18, 2005
    Messages:
    981
    Likes Received:
    844
    Trophy Points:
    93
    Gender:
    Male
    Occupation:
    Accountant, now retired
    Location:
    Elsecar
    Style:
    Barnsley (full width)
    Just checked an old email address of mine, which I know has been closed down, and it says I've been pwned. Seems a bit odd.
     
  6. Farnham_Red

    Farnham_Red Administrator Staff Member Admin

    Joined:
    Jul 18, 2005
    Messages:
    33,657
    Likes Received:
    22,830
    Trophy Points:
    113
    Location:
    Farnham
    Style:
    Barnsley
    Thats not so useful unless you have a way to check if it is in any way linked to your account

    For example if you put in Oakwell as a password it tells you its been seen 32 times but unless there is anything to link it to your account it shouldnt be anything to worry about - Its not one of my passwords by the way
    I did find a password I used on a few shopping sites has been used by others and possibly is linked to one of my email accounts so I probably should change it. Interestingly my password for on here is out in the wild as well but as we dont login with an email address its a stretch to be worried
     
  7. Farnham_Red

    Farnham_Red Administrator Staff Member Admin

    Joined:
    Jul 18, 2005
    Messages:
    33,657
    Likes Received:
    22,830
    Trophy Points:
    113
    Location:
    Farnham
    Style:
    Barnsley
    Not really - if its one you used in the past and some site saved it and then got hacked it could still be on the list I doubt whoever is flogging the list on has checked the emails are genuine - I am sure some people have even used none existent email addresses to register for some sites but they will still be on the lists
     
  8. Skryptic

    Skryptic Well-Known Member

    Joined:
    Mar 23, 2015
    Messages:
    2,829
    Likes Received:
    2,865
    Trophy Points:
    113
    Style:
    Barnsley (full width)
    While you may have closed the account, the email address itself will still be on the lists shared between hackers.
     
  9. Cam

    Cambridge Red Well-Known Member

    Joined:
    Aug 9, 2005
    Messages:
    1,811
    Likes Received:
    1,197
    Trophy Points:
    113
    Occupation:
    Geek
    Location:
    No clues ..
    Home Page:
    Style:
    Barnsley (full width)
    So let me get this right ... they're asking people to go to this particular website and type in their email address & then possibly also go further and check to see if their password is on another list this website has ... and you do this probably within minutes and most likely from the same pc ( with the same ip address). Aye okay sounds cosher to me.
     
    Tomi and Farnham_Red like this.
  10. MappRed

    MappRed Well-Known Member

    Joined:
    Jul 28, 2017
    Messages:
    1,805
    Likes Received:
    1,642
    Trophy Points:
    113
    Style:
    Barnsley (full width)
    Slightly off topic but is there any reason why barnsleyfc.org.uk is not a secure website? It’s the only website that I’m aware of that requires log in details but isn’t secure. I presume it’s a financial issue but I’m not a tech expert.
     
  11. Red

    RedMonk Well-Known Member

    Joined:
    Aug 8, 2011
    Messages:
    2,231
    Likes Received:
    1,805
    Trophy Points:
    113
    Style:
    Barnsley (full width)
    Yeah, you have to pay for SSL cert to be secure. It can get quite expensive for top end packages.
     
    MappRed likes this.
  12. Gravy Chips

    Gravy Chips Well-Known Member

    Joined:
    Jun 1, 2016
    Messages:
    2,376
    Likes Received:
    5,460
    Trophy Points:
    113
    Occupation:
    Web Designer
    Location:
    Tarn Centre
    Style:
    Barnsley (full width)
    You can get a free SSL from Let's Encrypt now, so the BBS really ought to get one
     
  13. John Peachy

    John Peachy Well-Known Member

    Joined:
    Aug 21, 2011
    Messages:
    16,737
    Likes Received:
    16,023
    Trophy Points:
    113
    Occupation:
    The littlest hobo
    Location:
    Leeds, United Kingdom
    Home Page:
    Style:
    Barnsley (full width)
    Thankfully I'm only Peachy here. I'm normally Get_Rammell_On_1492
     
  14. Tek

    Tekkytyke Well-Known Member

    Joined:
    Jul 19, 2005
    Messages:
    7,369
    Likes Received:
    4,609
    Trophy Points:
    113
    Occupation:
    Retired
    Location:
    Italy
    Style:
    Barnsley Dark
    Exactly what I thought. Why would anyone go on a single site and enter a login ID and pwd?
    Like that Public information ad on the TV with the smiling call centre girl asking for "numbers 1 and 3 of your 4 digit security code", apologising, saying she did not hear that and " can you give me numbers 2 and 4?". Her smile becomes a smirk and she looks at the camera and says " did you see what I did there?"
     
  15. leeupo

    leeupo Well-Known Member

    Joined:
    Mar 29, 2014
    Messages:
    515
    Likes Received:
    335
    Trophy Points:
    63
    Location:
    Shafton
    Home Page:
    Style:
    Barnsley (full width)
    It checks emails and passwords separately. Obviously these could potentially be linked by IP address.
     
  16. Sco

    Scoff Well-Known Member

    Joined:
    Aug 18, 2011
    Messages:
    8,241
    Likes Received:
    6,651
    Trophy Points:
    113
    Occupation:
    The interface between business and technology
    Location:
    Brampton by the Sea
    Style:
    Barnsley (full width)
    And thats why you should have different accounts/email addresses for different activities. :)
     
    Stahlrost likes this.
  17. W1z

    W1zz Well-Known Member

    Joined:
    Feb 5, 2008
    Messages:
    4,155
    Likes Received:
    315
    Trophy Points:
    83
    Gender:
    Male
    Location:
    Barnsley
    Style:
    Barnsley (full width)
    Yes it’s probably only of use if you tend to use complex passwords. I did use the same semi-complex password for certain websites, like forums. This is when I consider the details they hold to be basic. Username and email. This password is know on that checker. So I’ve since gone through those sites and changed them.
    I keep all my login details in 1Password, so it was easy to see which sites used that password.

    Where available, I now always use 2 factor authentication. Like on here ;)
     

Share This Page