General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsMassive 'Collection #1' breach hits 773 million email accounts
Here is where you might be able to check to see if you are on the list of accounts:
https://haveibeenpwned.com/
Here is list of sites that were affected:
https://pastebin.com/UsxU4gXA
Here is story of it:
Cybersecurity researcher Troy Hunt revealed today in a blog post that the massive collection of login information appeared last week on the cloud sharing service MEGA. Hunt runs the website Have I Been Pwned, a database of breaches where anyone can see if their information has been exposed in this dump or others.
Cybersecurity experts have called the database among the largest collections of usernames and passwords yet, more than twice the size of the recent Marriott breach. Dubbed "Collection #1," the dump includes information from thousands of websites
ts still unknown who collected the information or where the breach originated. The information appears to come from a random assortment of sites, ranging from botanyconference.org to organic.org.
Midnightwalk
(3,131 posts)Use non-trivial but easy to remember passwords. Dupassw0rd sucks. K1ssmywh@t is better. 1haveredfle@s is good
Change your passwords periodically.
Use different passwords for each site as much as you can.
Your email password should be different than any other. I dont care if i forget the password to something i use once a year, but the way you reset passwords often uses an email exchange. Your email password can unlock your other ones.
Lecture over. Behave.
Qutzupalotl
(14,289 posts)What's your opinion of the site at the OP's link result, 1password dot com?
Midnightwalk
(3,131 posts)I should have thought of saying that. I just remembered i didnt change my email password since and changed it. I havent seen any other account notifications in texts or email. I also enable 2 tiered authentication where you get a text with a number you have to enter on the reset your password link you get in your email wherever i can.
You can hover over a link and see where it really goes (it doesnt necessarily match the blue text$. Never give a site you dont recognize personal information like your email address I dont recognize those sites so i would have not gone there if it even crossed my mind
The other thing I should have said is never put personal information in your password. I dont have red fleas so that is a good phrase for me. Iseeoinkelephants might not be
Edit: I dont know how to the hover trick on my phone.
hlthe2b
(102,138 posts)Kittycow
(2,396 posts)Celerity
(43,130 posts)A "paste" is information that has been "pasted" to a publicly facing website designed to share content such as Pastebin. These services are favoured by hackers due to the ease of anonymously sharing information and they're frequently the first place a breach appears.
HIBP searches through pastes that are broadcast by the @dumpmon Twitter account and reported as having emails that are a potential indicator of a breach. Finding an email address in a paste does not immediately mean it has been disclosed as the result of a breach. Review the paste and determine if your account has been compromised then take appropriate action such as changing passwords.