Gmail, Yahoo and Microsoft email services passwords leaked.

Discussion in 'Computers' started by Gromett, May 7, 2016.

  1. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,942
    Likes Received:
    14,026
    Location:
    UK
    If you have a mailbox with any of these providers please reset your password.

    If you use the same password on these services elsewhere please reset it there as well.

    This list is now openly available to black hats and it won't be long before they start using them for nefarious purposes.

    http://www.reuters.com/article/us-cyber-passwords-idUSKCN0XV1I6
     
    • Thanks Thanks x 9
    • Informative Informative x 3
  2. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,942
    Likes Received:
    14,026
    Location:
    UK
    The original source of the article is here.

    http://holdsecurity.com/news/the_collector_breach/

    As they note this mostly comprises of existing breaches. However there are 42.5 million entries that haven't been seen before.

    The reason I posted this is because it is the first time all this data has been released in one file/database. This makes it a potent tool for blackhats.
    If your email/password is on this list there is no way of knowing if this was entered from an old breach or a new one. The only safe way to deal with this is to reset the passwords (again).
     
    • Like Like x 2
    • Thanks Thanks x 1
    • Useful Useful x 1
  3. berni109

    berni109 Funster

    Joined:
    Sep 10, 2012
    Messages:
    295
    Likes Received:
    249
    Location:
    worcester
    How long ago has this happened?
    Last week I had a warning from gmail that someone in ne Africa had tried to access my account
     
  4. Hollyberry

    Hollyberry Funster

    Joined:
    Apr 24, 2011
    Messages:
    3,795
    Likes Received:
    7,394
    Location:
    Paignton, Devon.
    I can't find where to change password on gmail. Using an iPad so page might look different to instructions given online.

    Edit: Done! Didn't seem to match any online instructions but done. Thanks for the warning.
     
    Last edited: May 7, 2016
  5. John Laidler

    John Laidler Funster

    Joined:
    Jan 9, 2013
    Messages:
    8,587
    Likes Received:
    11,577
    Location:
    Plympton, Devon
  6. Hollyberry

    Hollyberry Funster

    Joined:
    Apr 24, 2011
    Messages:
    3,795
    Likes Received:
    7,394
    Location:
    Paignton, Devon.
    Last edited: May 7, 2016
  7. Clarky

    Clarky Funster

    Joined:
    Oct 30, 2010
    Messages:
    784
    Likes Received:
    1,176
    Location:
    Suffolk or France or ........
    Thanks for the heads up.
    Google password now changed.

    Richard.
     
  8. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,942
    Likes Received:
    14,026
    Location:
    UK
  9. Fenman

    Fenman Funster

    Joined:
    Jul 29, 2014
    Messages:
    628
    Likes Received:
    1,028
    Location:
    Correze, France
    Just to be safe I did mine. Many thanks.
     
    • Like Like x 1
  10. Minxy Girl

    Minxy Girl Funster Life Member

    Joined:
    Aug 22, 2007
    Messages:
    8,601
    Likes Received:
    9,990
    Location:
    E Yorks
    Thanks chuck ... just changed all my email passwords and hubby's too ... takes ruddy ages!

    Must remember to tell hubby though otherwise he'll go nuts trying to log-in with his old passwords!!! :D
     
    • Funny Funny x 2
  11. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,942
    Likes Received:
    14,026
    Location:
    UK
    Can I recommend you look at LastPass or similar software.

    It generates random passwords for each account and can automatically fill in login boxes for you.

    You only have to remember the one master password and it can help you reset passwords across all accounts.

    The advantage of using this is that because each site you login to has a unique password you only have to reset on in the case of a security breach.

    Each time you login to a new site or one that you haven't used since installing lastpass, lastpass will ask you if you want to save it. So there is little work involved in getting it set up.

    https://lastpass.com/
     
    • Useful Useful x 2
  12. TheCaller

    TheCaller Funster

    Joined:
    Sep 23, 2013
    Messages:
    1,823
    Likes Received:
    2,158
    Location:
    Lincs
    Is LastPass your preferred password manager? I know there are quite a few to chose from & I've never really researched the various features of each.

    The most important feature of any of them is their own security! I imagine they are a prime target for hackers - not just to obtain access to users' passwords, but also to discredit this type of system, so people stop trusting them.
     
    • Like Like x 1
  13. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,942
    Likes Received:
    14,026
    Location:
    UK
    It's the one I use. I looked at how they stored the data and was satisfied that they made it hard enough to to prevent hackers. I also bought a YubiKey so I have 2 factor authentication on the account as well. I am not sure I would use it without as I am a bit paranoid on security.
     
    • Useful Useful x 2
  14. Hollyberry

    Hollyberry Funster

    Joined:
    Apr 24, 2011
    Messages:
    3,795
    Likes Received:
    7,394
    Location:
    Paignton, Devon.
    @Gromett , can I ask you about logging into banking? Mine doesn't use a password, I have to put my card into a calculator size thing and put 2 X 4 digit codes into website. This is after putting in a 12 digit membership number. Is this as secure as it can get?
     
  15. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,942
    Likes Received:
    14,026
    Location:
    UK
    Sounds good to me. ID plus a second factor auth using a physical device that isn't your phone..
     
    • Thanks Thanks x 1
  16. johnp10

    johnp10 Funster

    Joined:
    Oct 12, 2009
    Messages:
    7,642
    Likes Received:
    14,214
    Location:
    North Lincolnshire
    Thanks, Gromett.(y)
     
    • Like Like x 1
  17. Allan & Loren

    Allan & Loren Funster

    Joined:
    Dec 8, 2014
    Messages:
    1,061
    Likes Received:
    1,573
    Location:
    Leyland, Lancashire
    Thanks for the heads up, I've changed mine too
     
    • Like Like x 1
  18. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,942
    Likes Received:
    14,026
    Location:
    UK
    I am sorry for my short answers yesterday I was in busy mode trying to get a lot of stuff done ready for today's move.

    What I looked for in a password manager was the following.
    1) Extremely good encryption of the database.
    2) Encryption must take place on my computer not on their server.
    3) There must be external 2 factor authentication that doesn't rely on my mobile phone.
    4) There must be an addon that works on linux, windows and android.

    The only one that fulfilled all these criteria to my satisfaction when I was evaluating them all was LastPass. I was very reluctant to use anything like this as I don't like cloud services generally and I don't trust them for security. However the risk/benefit research I did on this made me try it out in a limited way and after a year I went all in and even paid for their professional version. The yubi key in combination with them requiring me to re-authenticate on new devices makes me confident that my data is secure with them.

    If my master password which is not stored on their server is ever leaked hackers would still need to steal my yubikey and re-athenticate with lastpass to get into my password vault. My yubi key is stored in a safe place. If their servers were to be hacked they would only get my heavily encrypted vault. This is encrypted to a much higher level than even the most paranoid would recommend. They may also get my hashed and salted master password. This is no use to them as it would take years and years to crack.

    So overall while it does have some risks as no system is perfect, I feel they have done enough to protect the data.

    Because of Lastpass, every site I sign up to now has a unique email address and a unique password. So if that site gets hacked the hackers have an email address which only allows them to log onto that site and no others. If they add it to a spammers list I simply change the email address on the site in question and block the old one. So no spam either.
     
    • Informative Informative x 1
  19. TheCaller

    TheCaller Funster

    Joined:
    Sep 23, 2013
    Messages:
    1,823
    Likes Received:
    2,158
    Location:
    Lincs
    Thanks Gromett, that's very useful information. My feelings exactly.
     
    • Like Like x 1
  20. Hollyberry

    Hollyberry Funster

    Joined:
    Apr 24, 2011
    Messages:
    3,795
    Likes Received:
    7,394
    Location:
    Paignton, Devon.
    Thanks for all your info @Gromett , much appreciated.
     
Loading...

Share This Page