Gmail, Yahoo and Microsoft email services passwords leaked. (1 Viewer)

Feb 27, 2011
14,671
74,882
UK
Funster No
15,452
MH
Self Build
Exp
Since 2005
If you have a mailbox with any of these providers please reset your password.

If you use the same password on these services elsewhere please reset it there as well.

This list is now openly available to black hats and it won't be long before they start using them for nefarious purposes.

http://www.reuters.com/article/us-cyber-passwords-idUSKCN0XV1I6
 
OP
OP
Gromett
Feb 27, 2011
14,671
74,882
UK
Funster No
15,452
MH
Self Build
Exp
Since 2005
The original source of the article is here.

http://holdsecurity.com/news/the_collector_breach/

As they note this mostly comprises of existing breaches. However there are 42.5 million entries that haven't been seen before.

The reason I posted this is because it is the first time all this data has been released in one file/database. This makes it a potent tool for blackhats.
If your email/password is on this list there is no way of knowing if this was entered from an old breach or a new one. The only safe way to deal with this is to reset the passwords (again).
 
Sep 10, 2012
2,118
3,564
worcester
Funster No
22,842
MH
Sunliving van
Exp
2012
How long ago has this happened?
Last week I had a warning from gmail that someone in ne Africa had tried to access my account

Subscribers  do not see these advertisements

 

Hollyberry

LIFE MEMBER
Apr 24, 2011
5,518
42,265
New Forest.
Funster No
16,134
MH
None.
Exp
4yrs
I can't find where to change password on gmail. Using an iPad so page might look different to instructions given online.

Edit: Done! Didn't seem to match any online instructions but done. Thanks for the warning.
 
Last edited:

Hollyberry

LIFE MEMBER
Apr 24, 2011
5,518
42,265
New Forest.
Funster No
16,134
MH
None.
Exp
4yrs
Last edited:

Minxy

LIFE MEMBER
Aug 22, 2007
32,489
66,014
E Yorks
Funster No
149
MH
Carthago Compactline
Exp
Since 1996, had Elddis/Swift/Rapido/Rimor/Chausson MHs. Autocruise/Globecar PVCs/Compactline i-138
Thanks chuck ... just changed all my email passwords and hubby's too ... takes ruddy ages!

Must remember to tell hubby though otherwise he'll go nuts trying to log-in with his old passwords!!! :D
 
OP
OP
Gromett
Feb 27, 2011
14,671
74,882
UK
Funster No
15,452
MH
Self Build
Exp
Since 2005
Can I recommend you look at LastPass or similar software.

It generates random passwords for each account and can automatically fill in login boxes for you.

You only have to remember the one master password and it can help you reset passwords across all accounts.

The advantage of using this is that because each site you login to has a unique password you only have to reset on in the case of a security breach.

Each time you login to a new site or one that you haven't used since installing lastpass, lastpass will ask you if you want to save it. So there is little work involved in getting it set up.

https://lastpass.com/
 
Sep 23, 2013
2,579
8,604
Lincs
Funster No
28,231
MH
Globecar Campscout
Exp
Since 2008 (started in a VW T4 campervan)
Can I recommend you look at LastPass or similar software.
Is LastPass your preferred password manager? I know there are quite a few to chose from & I've never really researched the various features of each.

The most important feature of any of them is their own security! I imagine they are a prime target for hackers - not just to obtain access to users' passwords, but also to discredit this type of system, so people stop trusting them.

Subscribers  do not see these advertisements

 
OP
OP
Gromett
Feb 27, 2011
14,671
74,882
UK
Funster No
15,452
MH
Self Build
Exp
Since 2005
Is LastPass your preferred password manager? I know there are quite a few to chose from & I've never really researched the various features of each.

It's the one I use. I looked at how they stored the data and was satisfied that they made it hard enough to to prevent hackers. I also bought a YubiKey so I have 2 factor authentication on the account as well. I am not sure I would use it without as I am a bit paranoid on security.
 

Hollyberry

LIFE MEMBER
Apr 24, 2011
5,518
42,265
New Forest.
Funster No
16,134
MH
None.
Exp
4yrs
@Gromett , can I ask you about logging into banking? Mine doesn't use a password, I have to put my card into a calculator size thing and put 2 X 4 digit codes into website. This is after putting in a 12 digit membership number. Is this as secure as it can get?
 
OP
OP
Gromett
Feb 27, 2011
14,671
74,882
UK
Funster No
15,452
MH
Self Build
Exp
Since 2005
@Gromett , can I ask you about logging into banking? Mine doesn't use a password, I have to put my card into a calculator size thing and put 2 X 4 digit codes into website. This is after putting in a 12 digit membership number. Is this as secure as it can get?
Sounds good to me. ID plus a second factor auth using a physical device that isn't your phone..

Subscribers  do not see these advertisements

 
OP
OP
Gromett
Feb 27, 2011
14,671
74,882
UK
Funster No
15,452
MH
Self Build
Exp
Since 2005
I am sorry for my short answers yesterday I was in busy mode trying to get a lot of stuff done ready for today's move.

What I looked for in a password manager was the following.
1) Extremely good encryption of the database.
2) Encryption must take place on my computer not on their server.
3) There must be external 2 factor authentication that doesn't rely on my mobile phone.
4) There must be an addon that works on linux, windows and android.

The only one that fulfilled all these criteria to my satisfaction when I was evaluating them all was LastPass. I was very reluctant to use anything like this as I don't like cloud services generally and I don't trust them for security. However the risk/benefit research I did on this made me try it out in a limited way and after a year I went all in and even paid for their professional version. The yubi key in combination with them requiring me to re-authenticate on new devices makes me confident that my data is secure with them.

If my master password which is not stored on their server is ever leaked hackers would still need to steal my yubikey and re-athenticate with lastpass to get into my password vault. My yubi key is stored in a safe place. If their servers were to be hacked they would only get my heavily encrypted vault. This is encrypted to a much higher level than even the most paranoid would recommend. They may also get my hashed and salted master password. This is no use to them as it would take years and years to crack.

So overall while it does have some risks as no system is perfect, I feel they have done enough to protect the data.

Because of Lastpass, every site I sign up to now has a unique email address and a unique password. So if that site gets hacked the hackers have an email address which only allows them to log onto that site and no others. If they add it to a spammers list I simply change the email address on the site in question and block the old one. So no spam either.

Subscribers  do not see these advertisements

 
Sep 23, 2013
2,579
8,604
Lincs
Funster No
28,231
MH
Globecar Campscout
Exp
Since 2008 (started in a VW T4 campervan)
Thanks Gromett, that's very useful information. My feelings exactly.
 

Anthea M

Free Member
Deceased RIP
Oct 18, 2015
9,501
165,134
Sheffield
Funster No
39,598
MH
Hobby
Exp
Since 2009
Thanks for info and good luck with the move!

Subscribers  do not see these advertisements

 

Join us or log in to post a reply.

To join in you must be a member of MotorhomeFun

Join MotorhomeFun

Join us, it quick and easy!

Log in

Already a member? Log in here.

Latest journal entries

Funsters who are viewing this thread

Back
Top