THE ULTIMATE SCAM?

We’re being told half a billion email passwords may have been hacked at a variety of places.

However, to see if your email address was one of those they want you to click on to another site to verify.

Sure sounds like a great way to fuck over many people.

You know by now that you should be changing your passwords regularly— every day there seems to be another cyber security crisis. If you haven’t changed your passwords recently, it’s now officially time: a massive database containing login credentials is floating around the internet.

We don’t know who’s behind the breach, but over 560 million leaked emails and passwords — 243.6 million unique email addresses — are compromised. First uncovered by the Kromtech Security Research Center, the leak has been confirmed by security researcher Troy Hunt, who created the “Have I Been Pwned” website.

Using a password manager is basically internet security 101 these days, but that doesn’t make them…

The good news is, there hasn’t been a new hack: the trove of credentials is a collection of data from previous breaches at LinkedIn, DropBox, LastFM, MySpace, Adobe, Neopets, Tumblr and others. Some of these breaches are years old.

What makes this database troublesome from a security standpoint is how accessible it makes sensitive information. It basically compiled private data from various prior hacks to create one convenient database for hackers to illegally access.

Who is at risk?

Essentially, anyone who never updated their credentials at the time of the original breach. If you haven’t stayed on top of every hack and checked your status each and every time, then you could be at risk.

How to check if your credentials are compromised

The easiest way to see if your credentials are vulnerable is to go to Hunt’s site — Have I Been Pwned. Here, you can type in your email and find out if your email and password are safe or not.

You may have changed your password at the time of a given breach, but let’s be real: you may not remember. If you scroll below the results, the site shows you which breaches you were impacted by. To view information on sensitive breaches, subscription is required. If this is your first time on the site and you get the dreaded “Oh no—pwned!” message, then it’s best take a screenshot of the result and change your password immediately.

Why screenshot? The site tells you how many “breached sites” it’s on (in other words, how many unique incidents took your credentials) and if there are any “pastes” — a paste is when the information is shared on a public website. Saving this information (you can also jot it down somewhere safely) can let you know in the future if you’ve been breached again if the information in the results change.

Don’t understand what’s going on? It’s okay. Just go change your email password to be safe. And be sure to create a strong password.

Advertisements
This entry was posted in Misc. Bookmark the permalink.

One Response to THE ULTIMATE SCAM?

  1. redneckgeezer says:

    Have I been pwned is a great resource. Been using it for awhile now. What I found interesting is that my main email says it was compromised on LinkedIn. I have never used LinkedIn, but I have had a dozen or so users send my invites. I changed my password and have learned to change it about once a month. If we ever find any of the people who do this stuff, we should take them out behind the woodshed and flog them within an inch of their lives or even further.

Comments are closed.