NanLaew Posted April 21, 2021 Share Posted April 21, 2021 (edited) Five days ago, I got the following from Google. I changed my Google password and then did some housekeeping and deleted a slew of saved passwords and logins for sites that I no longer access or have been "404'd". Last night, I logged into my eBay account for the first time in many months. It prompted that I was logging in from a "different computer" and I went through a simple 'not a robot' verification procedure. I thought the "different computer" notice was strange since I only access eBay on my laptop and office computers and I was on my laptop. Anyway, I was advised that my logins had been compromised, my password and security questions had been reset and I needed to get a PIN to continue to the Password reset. PIN received but when I went to the Change Password option, it required a confirmation SMS to my US phone number that has expired and no longer valid. Lacking any other options, I emailed their Security explaining the issue and asking for a workaround. Meanwhile, I am acquiring a new US phone number. I am an infrequent eBay user and not a bulk buyer/seller. There was a message posted by a member on LinkedIn last week that LinkedIn had a significant data breach but so far, LinkedIn haven't messaged their members about it. Here's one article relating to this breach. https://cybernews.com/news/stolen-data-of-500-million-linkedin-users-being-sold-online-2-million-leaked-as-proof-2/ I used their "personal data leak checker database" to check the four email addresses I use and my 'junk' account (not a gmail account) tested +ve. Apparently there was an earlier data breach on Facebook (I am not a member) so maybe a good time for those with multiple online accounts to do some housekeeping and forensics on their logins and passwords. Stay safe online! NL Edited April 21, 2021 by NanLaew 1 Link to comment Share on other sites More sharing options...
robblok Posted April 21, 2021 Share Posted April 21, 2021 Problem is that many people use one password for many sites. I did that in the past too. Then i got last pass and it remembers all the sites and there is just one main password. So now I dont care anymore if a site is hacked i got different passwords for all sites. Last pass made it possible otherwise i would not have done so as i would have to remember them all. Link to comment Share on other sites More sharing options...
fdsa Posted April 21, 2021 Share Posted April 21, 2021 15,212,645,925 Breached Accounts 2,563,218,607 Unique emails checked my email leaked from at least 4 websites (I found their databases in public access) and this "2.5 bln unique emails" website found nothing. meh, they don't even have the BTC-e leak. 1 hour ago, robblok said: Problem is that many people use one password for many sites. now there is another huge problem - is that many people use same email for many sites. I used to do that years ago but after all those leaks began to appear in public I started registering a new fake email or using a junk mailbox for every single website. 1 Link to comment Share on other sites More sharing options...
Nakdontree Posted April 24, 2021 Share Posted April 24, 2021 On 4/21/2021 at 11:34 AM, NanLaew said: It prompted that I was logging in from a "different computer" This is the normal behaviour of many websites after you've cleaned your browser cache (which you should do at least once a month, anyway). 1 Link to comment Share on other sites More sharing options...
Popular Post Brock Posted April 27, 2021 Popular Post Share Posted April 27, 2021 I hope you didnt use the links provided in the email, as this is a common phishing scam. I suggest you login to your Google account now, directly and change the password / login info again, You probabbly have given away your google account. Never respond to emails of this type as they usually are a scam. 7 2 Link to comment Share on other sites More sharing options...
timendres Posted April 27, 2021 Share Posted April 27, 2021 On 4/21/2021 at 11:34 AM, NanLaew said: Last night, I logged into my eBay account for the first time in many months. It prompted that I was logging in from a "different computer" and I went through a simple 'not a robot' verification procedure. I thought the "different computer" notice was strange since I only access eBay on my laptop and office computers and I was on my laptop. This is typically the result of your ISP router getting a new dynamic IP address. It is very common and nothing to be concerned about. Link to comment Share on other sites More sharing options...
salsajapan Posted April 27, 2021 Share Posted April 27, 2021 On 4/21/2021 at 1:40 PM, robblok said: Problem is that many people use one password for many sites. I did that in the past too. Then i got last pass and it remembers all the sites and there is just one main password. So now I dont care anymore if a site is hacked i got different passwords for all sites. Last pass made it possible otherwise i would not have done so as i would have to remember them all. I would not use any tool and I find ridiculous that people are not able to use different passwords for different websites. It's so easy to set up a rule that allow to find each website password without having to remember it. Just remember the rule that is similar for all websites and that allow to create a different password based on this rule. But it seems too difficult for most people, so funny ???? 1 Link to comment Share on other sites More sharing options...
robblok Posted April 27, 2021 Share Posted April 27, 2021 2 minutes ago, salsajapan said: I would not use any tool and I find ridiculous that people are not able to use different passwords for different websites. It's so easy to set up a rule that allow to find each website password without having to remember it. Just remember the rule that is similar for all websites and that allow to create a different password based on this rule. But it seems too difficult for most people, so funny ???? Because people use many different websites, i use over 50+ different websites with logon and some have their own limitations. Like you have to use Upper case and lower case and number and special things. So sure you could set up a rule or you can just use a too that does it for you. I don't understand why people take the hard way when you can do it easy. But then again some people are funny like you said. 1 Link to comment Share on other sites More sharing options...
salsajapan Posted April 27, 2021 Share Posted April 27, 2021 (edited) 4 minutes ago, robblok said: Because people use many different websites, i use over 50+ different websites with logon and some have their own limitations. Like you have to use Upper case and lower case and number and special things. So sure you could set up a rule or you can just use a too that does it for you. I don't understand why people take the hard way when you can do it easy. But then again some people are funny like you said. I am registered on hundreds websites... my rules use special characters and numbers and capital letters, but when not available there is a backup rule that work when special characters or capital letters are not available... yes ! correct ! you are so funny if you trust any tool / program where your passwords are stored, even encrypted.... See you again when you will post here whinning about your hacked passwords.... Edited April 27, 2021 by salsajapan Link to comment Share on other sites More sharing options...
robblok Posted April 27, 2021 Share Posted April 27, 2021 1 minute ago, salsajapan said: I am registered on hundreds websites... my rules use special characters and numbers and capital letters, but when not available there is a backup rule that work when special characters or capitla letters are not available... Great.. for you and you know what, i don't even have to type anything as that tool remembers it all and all I have to do is remember the main password and done. Its easier and if only used on a computer its free. So no complaints. But sure if your system works then have fun with it. 1 Link to comment Share on other sites More sharing options...
RocketDog Posted April 27, 2021 Share Posted April 27, 2021 OP : I got the same message last week. It prompted me to spend several hours deleting/updating /checking all the passwords on my Roboform password manager against their list. Such managers are great but they allow you to collect lots of passwords that you've abandoned years ago. I was absolutely shocked to find that one of the passwords was for a very valuable financial account. That alone made it worth my effort. I also took the opportunity to move many of my account email addresses from the brazenly prying eyes of Google Gmail to a truly secure Protonmail account. In some cases I needed a check code they demanded to send to my USA phone number. Recently Comcast, my USA ISP, has terminated the VOIP service I was using so I no longer have a USA phone number. In any case, believe it or not, Comcsst/Xfinity never offered SMS service anyway. I would be interested to know what/how you will find another service. They are available but charge 3-7 cents per minute. I have about decided to just get a Skype number and pay monthly. Alternately, I'll just close any USA account that demands such type of 2FA to access. The truth is that my roots in America are rapidly withering. It may be another 2 years before I visit again as it's going now. Thanks for your post. It may save somebody a lot of grief. Link to comment Share on other sites More sharing options...
Bangkok Barry Posted April 27, 2021 Share Posted April 27, 2021 One easy check the OP and others can make with any suspect emails is to check the From address at the top of the email. Anything fake will invariably have something like [email protected] or some such nonsense. Of course, poor English is often a giveaway too, although I once received an email from my bank that had one example of poor English so I checked with them. It was indeed from them, so a case of the world becoming dumber and dumber. Another but less reliable check is if they use your name or simply 'Dear member etc'. If in doubt, do nowt. Or contact the 'sender' using their website contacts to check, as I did with my bank. Link to comment Share on other sites More sharing options...
GreasyFingers Posted April 27, 2021 Share Posted April 27, 2021 (edited) 1 hour ago, salsajapan said: I would not use any tool and I find ridiculous that people are not able to use different passwords for different websites. It's so easy to set up a rule that allow to find each website password without having to remember it. Just remember the rule that is similar for all websites and that allow to create a different password based on this rule. But it seems too difficult for most people, so funny ???? That reminds me of when I took a memory improvement course many years ago. I could not remember the rules I set up. True, not a joke. Edited April 27, 2021 by GreasyFingers Link to comment Share on other sites More sharing options...
GreasyFingers Posted April 27, 2021 Share Posted April 27, 2021 34 minutes ago, RocketDog said: In some cases I needed a check code they demanded to send to my USA phone number. Recently Comcast, my USA ISP, has terminated the VOIP service I was using so I no longer have a USA phone number. In any case, believe it or not, Comcsst/Xfinity never offered SMS service anyway. I had a similar problem with some Australian banks that could not accept an international phone number (their database was not adequate for this digital world). This was when my carrier Telstra stopped international roaming on pre paid accounts. Link to comment Share on other sites More sharing options...
RocketDog Posted April 27, 2021 Share Posted April 27, 2021 1 hour ago, GreasyFingers said: I had a similar problem with some Australian banks that could not accept an international phone number (their database was not adequate for this digital world). This was when my carrier Telstra stopped international roaming on pre paid accounts. It is interesting that such institutions have forced into a system that they cannot master themselves. I suppose one can call it growing pains but that doesn't make it any less frustrating. As I say, we do have the option of moving to institutions that are more successful in their implementations. Link to comment Share on other sites More sharing options...
Lacessit Posted April 27, 2021 Share Posted April 27, 2021 1 hour ago, GreasyFingers said: I had a similar problem with some Australian banks that could not accept an international phone number (their database was not adequate for this digital world). This was when my carrier Telstra stopped international roaming on pre paid accounts. I use a credit union in Australia, they have a phone contact number to verbally verify online transfers with various security questions. Latrobe Financial sends a SMS code to my Thai mobile for completing my login. Phone calls to Australia from Thailand are very cheap, usually 20 - 40 baht. As far as passwords go, every site that needs one has an individual password, the incomplete passwords are then stored in a LibreOffice file accessible only via a thumb drive. Example password: .S.........&. The OS on my laptop and desktop are MX Linux, hackers are focused on Microsoft and Mac. Decentraleyes, Privacy Badger, uBlock and Cookie Autodelete are also there. Paranoid maybe, but as Kissinger said, even paranoids have enemies. 1 Link to comment Share on other sites More sharing options...
Popular Post VBF Posted April 27, 2021 Popular Post Share Posted April 27, 2021 (edited) 4 hours ago, robblok said: Great.. for you and you know what, i don't even have to type anything as that tool remembers it all and all I have to do is remember the main password and done. Its easier and if only used on a computer its free. So no complaints. But sure if your system works then have fun with it. I just basically don't trust any of the available tools to be themselves secure. I don't believe they are 100% immune from hackers I would rather keep my passwords in a secure local document and suffer slight inconvenience. Having said that, all my important logins are unique complex passwords, and associated with my main email address. My less important ones (mainly those with no financial or personal implications) are also unique but associated with a different email address. Finally my "experimental" or "just for fun" sites where I put no valid personal information are associated with my "dirty" email address - many of those sites share the same password but if they got hacked it wouldn't be that big a deal - i'd just ignore them or sign up as someone else! I sometimes get the warning that the OP mentioned, when I go through it I often see these sites linked to the "dirty" email in the list of compromised sites but it doesn't matter. That is the only email address where I ever get Spam, btw It's terrible when you have both paranoia and OCD! ???? Edited April 27, 2021 by VBF 3 Link to comment Share on other sites More sharing options...
VBF Posted April 27, 2021 Share Posted April 27, 2021 On 4/24/2021 at 1:03 PM, Nakdontree said: This is the normal behaviour of many websites after you've cleaned your browser cache (which you should do at least once a month, anyway). Yes, it's clearing the cookies out that makes sites "forget" your login. I run CCleaner daily. (See my above comment re: paranoia and OCD ????) Link to comment Share on other sites More sharing options...
bendejo Posted April 27, 2021 Share Posted April 27, 2021 4 hours ago, VBF said: Yes, it's clearing the cookies out that makes sites "forget" your login. Good thinking. Some browsers would do this automatically if told to. It's good to know all I need to do is restart the browser to clear the cookies. There are also browser add-ons for clearing the cookies with a single click without exiting the session. 1 1 Link to comment Share on other sites More sharing options...
salsajapan Posted April 28, 2021 Share Posted April 28, 2021 15 hours ago, VBF said: I just basically don't trust any of the available tools to be themselves secure. I don't believe they are 100% immune from hackers I would rather keep my passwords in a secure local document and suffer slight inconvenience. Clearly the only smart choices that it seems many do not understand. But if you apply my rules system you do not need to write any password anywhere. 1 Link to comment Share on other sites More sharing options...
robblok Posted April 28, 2021 Share Posted April 28, 2021 16 minutes ago, salsajapan said: Clearly the only smart choices that it seems many do not understand. But if you apply my rules system you do not need to write any password anywhere. Indeed such a smart thing to tell your rules so other uses it and hackers and crackers know it. The idea behind such a system is that you keep it quiet. 1 1 Link to comment Share on other sites More sharing options...
Popular Post VBF Posted April 28, 2021 Popular Post Share Posted April 28, 2021 1 hour ago, salsajapan said: Clearly the only smart choices that it seems many do not understand. But if you apply my rules system you do not need to write any password anywhere. True, except that your rules system is necessarily complex (or it wouldn't be much use) and I suppose it's just possible that someone whose thought processes matched yours might one day figure it out. Not criticising, just playing "Devil's advocate" I, being a bear of little brain, like to K I S S (Keep it simple, stupid) ???? 1 2 Link to comment Share on other sites More sharing options...
salsajapan Posted April 29, 2021 Share Posted April 29, 2021 On 4/28/2021 at 12:30 PM, robblok said: Indeed such a smart thing to tell your rules so other uses it and hackers and crackers know it. The idea behind such a system is that you keep it quiet. why people never learn to stop speaking when they are clearly wrong ?! amazing ! 1 Link to comment Share on other sites More sharing options...
fdsa Posted April 29, 2021 Share Posted April 29, 2021 2 hours ago, salsajapan said: why people never learn to stop speaking when they are clearly wrong ?! because you are wrong here. imagine a guy with email [email protected] is using a system "website name + 12345" for each website. then a hacker downloads several large leaked databases and searches for this email: from ashleymadison.com: [email protected];ashleymadison12345 from sugardaddy.com: [email protected];sugardaddy12345 from facebook.com: [email protected];facebook12345 guess which password is used by our smart ass guy on website thaifriendly.com? 2 Link to comment Share on other sites More sharing options...
l4ml4m Posted May 4, 2021 Share Posted May 4, 2021 On 4/29/2021 at 3:21 PM, fdsa said: because you are wrong here. imagine a guy with email [email protected] is using a system "website name + 12345" for each website. then a hacker downloads several large leaked databases and searches for this email: from ashleymadison.com: [email protected];ashleymadison12345 from sugardaddy.com: [email protected];sugardaddy12345 from facebook.com: [email protected];facebook12345 guess which password is used by our smart ass guy on website thaifriendly.com? yes this is stupid, but who is idiot enough to use website name + 12345 ? maybe it is what you would use ? Link to comment Share on other sites More sharing options...
fdsa Posted May 4, 2021 Share Posted May 4, 2021 do not underestimate the amount of idiouts out there, go download any large leak and check how many people use passwords like 123456. "website name + 12345" could be considered very secure compared to what I've seen. 1 Link to comment Share on other sites More sharing options...
techietraveller84 Posted May 4, 2021 Share Posted May 4, 2021 Your passwords can be brilliant concoctions of dozens of symbols that are unbreakable. Won't do much for you though at the rate with which apps, companies and governments are getting virtually violated. I'm still going to keep my passwords crazy, but I fully expect to get completely exposed online sooner or later. Two confidence reducing headlines from the last couple days: Unsecure Apps: Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys Government cyber defense fails: 345,000 files from Filipino solicitor-general's office were breached 1 Link to comment Share on other sites More sharing options...
impulse Posted May 4, 2021 Share Posted May 4, 2021 On 4/27/2021 at 4:05 AM, salsajapan said: I am registered on hundreds websites... my rules use special characters and numbers and capital letters, but when not available there is a backup rule that work when special characters or capital letters are not available... yes ! correct ! you are so funny if you trust any tool / program where your passwords are stored, even encrypted.... See you again when you will post here whinning about your hacked passwords.... That works great until you have to change your password. Like after a security breach, or just because you haven't logged in for ages. Or, in many cases, because you're logging in from a different country and they make you reset your password. Then, you need another rule for websites where you're on your second or third password change. And how do you remember which sites those are? 1 Link to comment Share on other sites More sharing options...
Popular Post fdsa Posted May 5, 2021 Popular Post Share Posted May 5, 2021 9 hours ago, techietraveller84 said: Your passwords can be brilliant concoctions of dozens of symbols that are unbreakable. Won't do much for you though at the rate with which apps, companies and governments are getting virtually violated. well, you are uncovering the much deeper issue: the apps, companies and governments are being built insecure from the very beginning and do not even want to become secure. and the reason is: a human factor (ignorance multiplied by lack of competence plus overall lazyness). - hipster companies hire hipster coders without experience who learned to code watching Youtube videos, and that results in critical infrastructure passwords saved inside an app (e.g. Tesla: https://docs.google.com/document/d/1yXni1GoD93q8mX-yom7JLBn0Q8tPOQz2A_y3m3LJi8o/edit and your link above) - large businesses save money by hiring coders based on their requested wage not their expertise https://www.bloomberg.com/news/articles/2019-06-28/boeing-s-737-max-software-outsourced-to-9-an-hour-engineers and when businesses get f''d up they hire security specialists based on their requested wage not their expertise, again. - modern CoC's and mandatory rules on inclusion and diversity results in hiring coders based on their gender and skin color not their expertise. A joke that is not a joke anymore: you know, those heterosexual cisgender male white supremacists call this a clown world for a reason. 3 Link to comment Share on other sites More sharing options...
techietraveller84 Posted May 5, 2021 Share Posted May 5, 2021 14 hours ago, fdsa said: well, you are uncovering the much deeper issue: the apps, companies and governments are being built insecure from the very beginning and do not even want to become secure. and the reason is: a human factor (ignorance multiplied by lack of competence plus overall lazyness). Maybe China's got it figured out then: remove the human factor. Today's headline in Nikkei Asia: Robots will make doubling China's GDP by 2035 look easy Link to comment Share on other sites More sharing options...
.thumb.jpg.4fd22303fa94eb0a6ebf5a9cf7194eb4.jpg)
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now