I've been pwned, should I care?
-
My email and password was in the recent MySpace breach.
The password I used there is "my insecure password". 7 lowercase letters. I only use it on my first email address created in high school, forums and other sites which I don't mind to lose access to, and Facebook. The latter because I was very hesitant to sign up to Facebook and I figured if my account gets stolen, it's a good excuse to try to make my friends return to email.
Am i missing something?
-
@marczellm depends on what websites an attacker could gain access with forgot my password and this email.
changing it's password won't hurt
-
Crap! I think that has my simple password too.
*Checks names list *
Double Crap!
*Checks KeePass*
Phew. Random password.
-
Nah. If you haven't lost access yet it's probably no problem. Change all the relevant passwords fast, and be carefull about phishing.
-
@marczellm You should never care about anything, ever.
Now I'll read the post.
-
6 bitcoin or about $3,000
Wow Bitcoin has been smashed so tiny...
we are going to display only the first few characters of plaintext passwords if available so users can verify which password of theirs was leaked
Well that's surprisingly unhelpful, since the first few characters are typically the site name encoded before my actual password...
Actually, no, that is helpful, because it will tell me if I last updated my MySpace password before 2008...
Filed under: silly keyboard (actual link)
-
What's a MySpace?
-
@JBert said in I've been pwned, should I care?:
What's a MySpace?
It's the default user's context outside of normal application contexts in which all active console applications are running?
-
@Tsaukpaetra said in I've been pwned, should I care?:
we are going to display only the first few characters of plaintext passwords if available so users can verify which password of theirs was leaked
-
-
Well. I remember having a MySpace account, but for the life of me I can't remember what the email address or username was. Do they kill those things after a certain length of inactivity?
-
@anotherusername said in I've been pwned, should I care?:
Do they kill those things after a certain length of inactivity?
I think so, I can't find my own account anymore...
-
@anotherusername said in I've been pwned, should I care?:
I remember having a MySpace account,
i remember having plural..... i had a bot at one point creating them from yahoo emails it auto created and using them to sign up for as much spam as possible.......
i wonder if i ever actually turned that bot off......?
-
@accalia said in I've been pwned, should I care?:
@anotherusername said in I've been pwned, should I care?:
I remember having a MySpace account,
i remember having plural..... i had a bot at one point creating them from yahoo emails it auto created and using them to sign up for as much spam as possible.......
i wonder if i ever actually turned that bot off......?
YOU'RE the reason MySpace still exists! (Look at all the accounts still being created - yes! we're still in business!)
-
@accalia This might be why both MySpace and Yahoo are going bankrupt.
-
@Captain said in I've been pwned, should I care?:
@accalia This might be why both MySpace and Yahoo are going bankrupt.
Keep up the good work! :)
-
I can't even remember if I signed up for MySpace or not. If I did, the email address associated with it has had it's password changed a dozen times.
I would try a "forgot password" to check, but I can't even get at that page without loading a few hundred Javascripts. Which is just what I want to do on an ad-driven site that's had a major data breach.
-
@anotherusername said in I've been pwned, should I care?:
Well. I remember having a MySpace account, but for the life of me I can't remember what the email address or username was. Do they kill those things after a certain length of inactivity?
If you use your LiveID to access MySpace, it won't be relevent to you because the password is not stored on their server.
-
@cheong I don't think LiveID even existed when I had a MySpace account.
-
Status: Turns out that my standard ID was indeed expired and erased some time ago, and for some reason I decided to re-up (some time ago) with one of my alternates. I still have no friends...
-
@Tsaukpaetra said in I've been pwned, should I care?:
Status: Turns out that my standard ID was indeed expired and erased some time ago, and for some reason I decided to re-up (some time ago) with one of my alternates. I still have no friends...
Where is the emo music auto playing in the background, edgy skull background with red text in comic sans font?
-
@Lathun said in I've been pwned, should I care?:
Where is the emo music auto playing in the background, edgy skull background with red text in comic sans font?
Lost interest after finding my sis and uncle () and uploading a profile pic. Note that you can date this profile by that pic, as I've not used that particular variant (for hopefully obvious reasons) in forever
NFC who the other chick is...
-
... So. In checking my exposure level here, I happened to find out that I had been exposed in a Comcast breach YEARS ago.
That password is my normal, longstanding trash password, and that account occasionally still sees mildly sensitive stuff.
Comcast never once notified me.
I am fucking pissed.
-
@Weng said in I've been pwned, should I care?:
So. In checking my exposure level here, I happened to find out that I had been exposed in a Comcast breach YEARS ago.
I just found out my old email address + throwaway password combination was leaked twice - once by Adobe and once by Myspace. I'm glad I'm not using either anymore. (I change email addresses as soon as I start getting too much spam. I also use multiple different addresses for different purposes so I don't have to change too many accounts at once.)
-
@marczellm said in I've been pwned, should I care?:
Am i missing something?
You are missing having KeePass in your life.
I've been using it for several years now, all my passwords are in it, all of them are long and randomly generated, and as a consequence, server credentials breaches are something about which I can now give 0.000000000000 fucks.
-
@flabdablet said in I've been pwned, should I care?:
You are missing having KeePass in your life.
Needs more upvotes!
Also, do I need to do it again? Okay I will...
Use http://world.std.com/~reinhold/diceware.html to generate your master passphrase. All the goodness of a true hardware RNG and none of the radiation poisoning!
-
@flabdablet said in I've been pwned, should I care?:
@marczellm said in I've been pwned, should I care?:
Am i missing something?
You are missing having KeePass in your life.
I've been using it for several years now, all my passwords are in it, all of them are long and randomly generated, and as a consequence, server credentials breaches are something about which I can now give 0.000000000000 fucks.
And how should I access my email from university computers where I can't install stuff? From friends' computers?
@SirTwist said in Stackoverflow has the password to my mail-account:
@fbmac, @Jaloopa You put it on your phone, too. Then you can look it up and type it in.
Try again.
https://upload.wikimedia.org/wikipedia/commons/5/5f/Noikia_2600_Classic_1.jpg
-
@marczellm said in I've been pwned, should I care?:
And how should I access my email from university computers where I can't install stuff?
You might be better off using LastPass… but I don't know if “can't install stuff” includes the browser extensions required to make the experience not suck.
I prefer arranging for logins to be done by crypto-key where possible. Someone stealing my public key? Fucks given: 0. Unless they decide they want me to log in and administer their systems for them or something… ;)
-
@marczellm said in I've been pwned, should I care?:
how should I access my email from university computers where I can't install stuff? From friends' computers?
KeePass has a portable edition that requires no installation. Works on any Windows box. Keep it on your car keys along with the password database file. See the other thread.
-
@marczellm said in I've been pwned, should I care?:
@flabdablet said in I've been pwned, should I care?:
@marczellm said in I've been pwned, should I care?:
Am i missing something?
You are missing having KeePass in your life.
I've been using it for several years now, all my passwords are in it, all of them are long and randomly generated, and as a consequence, server credentials breaches are something about which I can now give 0.000000000000 fucks.
And how should I access my email from university computers where I can't install stuff? From friends' computers?
@SirTwist said in Stackoverflow has the password to my mail-account:
@fbmac, @Jaloopa You put it on your phone, too. Then you can look it up and type it in.
Try again.
https://upload.wikimedia.org/wikipedia/commons/5/5f/Noikia_2600_Classic_1.jpgTry again.
-
@flabdablet said in I've been pwned, should I care?:
@marczellm said in I've been pwned, should I care?:
Am i missing something?
You are missing having KeePass in your life.
I've been using it for several years now, all my passwords are in it, all of them are long and randomly generated, and as a consequence, server credentials breaches are something about which I can now give 0.000000000000 fucks.
Wasn't KeepPass just compromised and had all their data stolen?
it wasn't but that feeling you just had is perhaps one of the reasons against a centralized password storage system...
-
@Lorne-Kates said in I've been pwned, should I care?:
Wasn't KeepPass just compromised and had all their data stolen?
KeePass is a bad example there, since it's fully capable of being stored offline
-
@Jaloopa said in I've been pwned, should I care?:
@Lorne-Kates said in I've been pwned, should I care?:
Wasn't KeepPass just compromised and had all their data stolen?
KeePass is a bad example there, since it's fully capable of being stored offline
If I let logic and facts like that alter my arguments, I wouldn't fit in here.
-
@Lorne-Kates Since KeePass is a desktop application that uses a local file to store passwords in, I don't think that could happen. You're probably thinking of LastPass.
-
@marczellm said in I've been pwned, should I care?:
And how should I access my email from university computers where I can't install stuff? From friends' computers?
Accessing email from computers where you don't own root? Not paranoid enough!