The sheer stupidity of it all re: breached logins

wkleem
Community Member
edited April 2018 in Lounge

I've read in the local newspaper about a 9GB cache of compromised or potentially compromised logins (focusing on local logins) much like Troy Hunt's HIBP. However, unlike Hunt's HIBP, no site was mentioned, not that I would trust a dodgy site, but still...

From Reddit:

https://reddit.com/r/singapore/comments/8eg4pd/premiumcheck_online_to_see_if_your_email_details/

There is a site mentioned on Reddit, but not in the print version or, presumably, the paid (subscription) version.



Comments

  • Ben

    I agree with the comments in this thread:

    https://www.reddit.com/r/singapore/comments/8eg4pd/comment/dxuxpak

    :)

    Ben

  • wkleem
    Community Member

    Thanks @Ben.

  • Ben

    :+1:

    Ben

  • wkleem
    Community Member
    edited April 2018

    WOW! 1Password is mentioned in one of the comments by “darklajid”

  • Ben

    Saw that. :)

    Ben

  • wkleem
    Community Member

    Also emailed Troy Hunt but I am uncertain if he will respond. Both of you, Troy Hunt and Agilebits, do great work.

  • prime
    Community Member

    I’ll have to check this out. I never liked how Reddit’s layout is. I get annoyed and leave :lol:

  • Ben

    Thanks, wkleem.

    Ben

  • Ben

    @prime

    I’ve grown accustomed to it and for the most part quite like it now. The mobile app / site is pretty rough IMO but the desktop site is not bad. :)

    Ben

  • wkleem
    Community Member
    edited April 2018

    Troy Hunt replied it is old news to him. He even wrote a blog post.

    "Yeah, I saw that site pop up a while ago. The 1.4B list is totally blown out of proportion: https://www.troyhunt.com/making-light-of-the-dark-web-and-debunking-the-fud

    All those passwords are also already searchable here: https://haveibeenpwned.com/Passwords"

    All of it is in Pwned Passwords although 9GB and 1.4B? Must be a lot of redundant info there.

    @Ben, Reddit on desktop is fine but I have not tried Reddit Mobile.

  • AGAlumB
    1Password Alumni

    Indeed, I bet Troy's database has a lot of redundancy at this point, as there are only so many weak passwords to go around. Certainly some strong ones have been compromised as well in website breaches, but there are plenty more where those came from. Cheers! :)

  • wkleem
    Community Member

    I have been confused with Pwned Passwords and Have I Been Pwned, both from Hunt. It's likely the same?

  • Ben

    I suppose that would be a better question for Troy. I’m not intimately familiar with the differences in his offerings.

    Ben

  • wkleem
    Community Member

    I've emailed him and replied but he may or may not reply a subsequent time.

  • Ben

    :+1:

    Ben

  • jpgoldberg
    1Password Alumni

    Although everyone posting here already knows, let me explicitly state that you should be very wary of entering any of your passwords into anything other than the site or service for which it is used.

    HIBP uses a protocol which we've evaluated, and we know exactly what information we send to the service. (We do not send passwords.) There is a small information leak when using HIBP, but it is small and known.

This discussion has been closed.