The sheer stupidity of it all re: breached logins

wkleem
Community Member
edited April 2018 in Lounge

I've read in the local newspaper about a 9GB cache of compromised or potentially compromised logins (focusing on local logins) much like Troy Hunt's HIBP. However, unlike Hunt's HIBP, no site was mentioned, not that I would trust a dodgy site, but still...

From Reddit:

https://reddit.com/r/singapore/comments/8eg4pd/premiumcheck_online_to_see_if_your_email_details/

There is a site mentioned on Reddit, but not in the print version or, presumably, the paid (subscription) version.



Comments

  • I agree with the comments in this thread:

    https://www.reddit.com/r/singapore/comments/8eg4pd/comment/dxuxpak

    :)

    Ben

  • wkleem
    Community Member

    Thanks @Ben.

  • :+1:

    Ben

  • wkleem
    Community Member
    edited April 2018

    WOW! 1Password is mentioned in one of the comments by “darklajid”

  • Saw that. :)

    Ben

  • wkleem
    Community Member

    Also emailed Troy Hunt but I am uncertain if he will respond. Both of you, Troy Hunt and Agilebits, do great work.

  • prime
    Community Member

    I’ll have to check this out. I never liked how Reddit’s layout is. I get annoyed and leave :lol:

  • Thanks, wkleem.

    Ben

  • @prime

    I’ve grown accustomed to it and for the most part quite like it now. The mobile app / site is pretty rough IMO but the desktop site is not bad. :)

    Ben

  • wkleem
    Community Member
    edited April 2018

    Troy Hunt replied it is old news to him. He even wrote a blog post.

    "Yeah, I saw that site pop up a while ago. The 1.4B list is totally blown out of proportion: https://www.troyhunt.com/making-light-of-the-dark-web-and-debunking-the-fud

    All those passwords are also already searchable here: https://haveibeenpwned.com/Passwords"

    All of it is in Pwned Passwords although 9GB and 1.4B? Must be a lot of redundant info there.

    @Ben, Reddit on desktop is fine but I have not tried Reddit Mobile.

  • AGAlumB
    1Password Alumni

    Indeed, I bet Troy's database has a lot of redundancy at this point, as there are only so many weak passwords to go around. Certainly some strong ones have been compromised as well in website breaches, but there are plenty more where those came from. Cheers! :)

  • wkleem
    Community Member

    I have been confused with Pwned Passwords and Have I Been Pwned, both from Hunt. It's likely the same?

  • I suppose that would be a better question for Troy. I’m not intimately familiar with the differences in his offerings.

    Ben

  • wkleem
    Community Member

    I've emailed him and replied but he may or may not reply a subsequent time.

  • :+1:

    Ben

  • jpgoldberg
    1Password Alumni

    Although everyone posting here already knows, let me explicitly state that you should be very wary of entering any of your passwords into anything other than the site or service for which it is used.

    HIBP uses a protocol which we've evaluated, and we know exactly what information we send to the service. (We do not send passwords.) There is a small information leak when using HIBP, but it is small and known.
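
The post above does not spell out the protocol. As an added example (not part of the thread and not 1Password's code), this sketch assumes it is the public Pwned Passwords range lookup, where the client sends only the first five hex characters of the password's SHA-1 digest and compares the rest locally. The breached list, its counts and the `fake_range_response` stand-in for the service are constructed so the example runs offline.

```python
import hashlib

PREFIX_LEN = 5  # hex chars of the SHA-1 digest sent to the service (20 bits)


def split_hash(password):
    """Return (prefix sent to the service, suffix that never leaves the client)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def fake_range_response(prefix, breached):
    """Constructed stand-in for the service: every SUFFIX:COUNT under a prefix."""
    lines = []
    for pw, count in breached.items():
        p, s = split_hash(pw)
        if p == prefix:
            lines.append(f"{s}:{count}")
    return "\r\n".join(lines)


def breach_count(password, fetch_range):
    """Look up a password; fetch_range(prefix) is the only call that crosses the wire."""
    prefix, suffix = split_hash(password)
    body = fetch_range(prefix)  # the service sees the prefix, nothing else
    for line in body.splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:  # match is decided client-side
            return int(count)
    return 0


if __name__ == "__main__":
    # Constructed sample data: passwords and counts are illustrative only.
    breached = {"password": 1000, "123456": 2000, "letmein": 300}
    sent = []  # records everything the client transmitted

    def fetch(prefix):
        sent.append(prefix)
        return fake_range_response(prefix, breached)

    for pw in ("password", "constructed-unbreached-passphrase-7431"):
        print(pw, "->", breach_count(pw, fetch))
    print("transmitted:", sent)
```

The `sent` list is the whole of the information leak in this model: a 20-bit digest prefix per lookup, shared by many other possible passwords.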

This discussion has been closed.