Email data breach

Discussion in 'Bulletin Board' started by Farnham_Red, Jan 17, 2019.

  1. Farnham_Red

    Farnham_Red Administrator Staff Member Admin

    Joined:
    Jul 18, 2005
    Messages:
    21,255
    Likes Received:
    1,837
    Trophy Points:
    113
    Location:
    Farnham
    Style:
    Barnsley
    Just got this through from my professional body so I am fairly sure its genuine looks like a lot of email and password information has been leaked somewhere

    https://eandt.theiet.org/content/ar...en-email-addresses-leaked-in-huge-data-breach

    I checked my email addresses on the Have I been Pwned link in the article and my work ones are clear but my personal ones arent I dont tend to buy or register for things with my work email except for professional purposes so I guess its the commercial stuff that has been leaked

    Might be worth a password update - especially if you use the same username and password for multiple sites
     
  2. W1z

    W1zz Well-Known Member

    Joined:
    Feb 5, 2008
    Messages:
    4,131
    Likes Received:
    306
    Trophy Points:
    83
    Gender:
    Male
    Location:
    Barnsley
    Style:
    Barnsley (full width)
    Got an email this morning from Have I been Pwned informing me two of my email address are on the list.

    You can also check if your password(s) is out in the open by using their password checker. https://haveibeenpwned.com/Passwords
     
  3. leeupo

    leeupo Member

    Joined:
    Mar 29, 2014
    Messages:
    163
    Likes Received:
    16
    Trophy Points:
    18
    Location:
    Shafton
    Home Page:
    Style:
    Barnsley
    Also had an email re one of mine this morning.
     
  4. Sta

    Stahlrost Well-Known Member

    Joined:
    Oct 13, 2006
    Messages:
    16,834
    Likes Received:
    3,255
    Trophy Points:
    113
    Gender:
    Male
    Occupation:
    None
    Location:
    Dodworth
    Home Page:
    Style:
    Barnsley
    I've been "pwned" also. Recently I've started receiving emails demanding money to stop videos of me watching (actively!) porn being sent to my wife and other family members. They're bollox of course, but just in case anybody gets one, it's not me...
     
    leeupo likes this.
  5. Orared

    Orared Active Member

    Joined:
    Jul 18, 2005
    Messages:
    577
    Likes Received:
    103
    Trophy Points:
    43
    Gender:
    Male
    Occupation:
    Accountant, now retired
    Location:
    Elsecar
    Style:
    Barnsley (full width)
    Just checked an old email address of mine, which I know has been closed down, and it says I've been pwned. Seems a bit odd.
     
  6. Farnham_Red

    Farnham_Red Administrator Staff Member Admin

    Joined:
    Jul 18, 2005
    Messages:
    21,255
    Likes Received:
    1,837
    Trophy Points:
    113
    Location:
    Farnham
    Style:
    Barnsley
    Thats not so useful unless you have a way to check if it is in any way linked to your account

    For example if you put in Oakwell as a password it tells you its been seen 32 times but unless there is anything to link it to your account it shouldnt be anything to worry about - Its not one of my passwords by the way
    I did find a password I used on a few shopping sites has been used by others and possibly is linked to one of my email accounts so I probably should change it. Interestingly my password for on here is out in the wild as well but as we dont login with an email address its a stretch to be worried
     
  7. Farnham_Red

    Farnham_Red Administrator Staff Member Admin

    Joined:
    Jul 18, 2005
    Messages:
    21,255
    Likes Received:
    1,837
    Trophy Points:
    113
    Location:
    Farnham
    Style:
    Barnsley
    Not really - if its one you used in the past and some site saved it and then got hacked it could still be on the list I doubt whoever is flogging the list on has checked the emails are genuine - I am sure some people have even used none existent email addresses to register for some sites but they will still be on the lists
     
  8. Skryptic

    Skryptic Well-Known Member

    Joined:
    Mar 23, 2015
    Messages:
    1,345
    Likes Received:
    441
    Trophy Points:
    83
    Style:
    Barnsley (full width)
    While you may have closed the account, the email address itself will still be on the lists shared between hackers.
     
  9. Cam

    Cambridge Red Well-Known Member

    Joined:
    Aug 9, 2005
    Messages:
    1,344
    Likes Received:
    291
    Trophy Points:
    83
    Occupation:
    Geek
    Location:
    No clues ..
    Home Page:
    Style:
    XenForo - Xenith Reds
    So let me get this right ... they're asking people to go to this particular website and type in their email address & then possibly also go further and check to see if their password is on another list this website has ... and you do this probably within minutes and most likely from the same pc ( with the same ip address). Aye okay sounds cosher to me.
     
    Tomi and Farnham_Red like this.
  10. Mapplewell Red

    Mapplewell Red Well-Known Member

    Joined:
    Jul 28, 2017
    Messages:
    1,648
    Likes Received:
    1,306
    Trophy Points:
    113
    Gender:
    Male
    Style:
    Barnsley (full width)
    Slightly off topic but is there any reason why barnsleyfc.org.uk is not a secure website? It’s the only website that I’m aware of that requires log in details but isn’t secure. I presume it’s a financial issue but I’m not a tech expert.
     
  11. Red

    RedMonk Well-Known Member

    Joined:
    Aug 8, 2011
    Messages:
    1,193
    Likes Received:
    485
    Trophy Points:
    83
    Style:
    Barnsley
    Yeah, you have to pay for SSL cert to be secure. It can get quite expensive for top end packages.
     
    Mapplewell Red likes this.
  12. Gravy Chips

    Gravy Chips Well-Known Member

    Joined:
    Jun 1, 2016
    Messages:
    525
    Likes Received:
    386
    Trophy Points:
    63
    Gender:
    Male
    Occupation:
    Web Developer
    Location:
    Tarn Centre
    Style:
    Barnsley (full width)
    You can get a free SSL from Let's Encrypt now, so the BBS really ought to get one
     
  13. John Peachy

    John Peachy Well-Known Member

    Joined:
    Aug 21, 2011
    Messages:
    7,876
    Likes Received:
    2,556
    Trophy Points:
    113
    Occupation:
    DJ
    Location:
    Leeds, United Kingdom
    Home Page:
    Style:
    Barnsley (full width)
    Thankfully I'm only Peachy here. I'm normally Get_Rammell_On_1492
     
  14. Tek

    Tekkytyke Well-Known Member

    Joined:
    Jul 19, 2005
    Messages:
    3,435
    Likes Received:
    835
    Trophy Points:
    113
    Occupation:
    Retired
    Location:
    Italy
    Style:
    Barnsley (full width)
    Exactly what I thought. Why would anyone go on a single site and enter a login ID and pwd?
    Like that Public information ad on the TV with the smiling call centre girl asking for "numbers 1 and 3 of your 4 digit security code", apologising, saying she did not hear that and " can you give me numbers 2 and 4?". Her smile becomes a smirk and she looks at the camera and says " did you see what I did there?"
     
  15. leeupo

    leeupo Member

    Joined:
    Mar 29, 2014
    Messages:
    163
    Likes Received:
    16
    Trophy Points:
    18
    Location:
    Shafton
    Home Page:
    Style:
    Barnsley
    It checks emails and passwords separately. Obviously these could potentially be linked by IP address.
     
  16. Sco

    Scoff Well-Known Member

    Joined:
    Aug 18, 2011
    Messages:
    3,525
    Likes Received:
    825
    Trophy Points:
    113
    Occupation:
    The interface between business and technology
    Location:
    Brampton by the Sea
    Style:
    Barnsley (full width)
    And thats why you should have different accounts/email addresses for different activities. :)
     
    Stahlrost likes this.
  17. W1z

    W1zz Well-Known Member

    Joined:
    Feb 5, 2008
    Messages:
    4,131
    Likes Received:
    306
    Trophy Points:
    83
    Gender:
    Male
    Location:
    Barnsley
    Style:
    Barnsley (full width)
    Yes it’s probably only of use if you tend to use complex passwords. I did use the same semi-complex password for certain websites, like forums. This is when I consider the details they hold to be basic. Username and email. This password is know on that checker. So I’ve since gone through those sites and changed them.
    I keep all my login details in 1Password, so it was easy to see which sites used that password.

    Where available, I now always use 2 factor authentication. Like on here ;)
     

Share This Page