Don’t Panic

There’s been another data breach. Apparently.

The largest data breach ever has been discovered and it exposes more than one billion unique combinations of email addresses and passwords.

A security researcher found the 87GB dump of data hidden on a hacker forum and says many of the credentials had already appeared in earlier leaks such as the infamous MySpace and LinkedIn breaches.

Troy Hunt, who runs the ‘Have I Been Pwned’ breach-notification service, found the leak on cloud-service MEGA and called it ‘Collection #1’.

The key word here is “previous”. I received an email alerting me to this breach this morning, so I did a bit of checking. Yes, my email was included as were a couple of my passwords – passwords I’ve not used for about ten years. None of my recent ones are included. I also suspect that my bank is on the ball here as they just reissued my debit card out of the blue.

So, yes, by all means do a check, but don’t panic either.

7 Comments

  1. I recently had a spate of attempts at extortion, threatening to reveal the username and password I had used for the Forbes website (a website I had not visited in at least 6 years because it has become an ad-filled horror). I knew it was from the Forbes breach because the email address was forbes@{mydomain}.com

    They then threatened to publish videos / pictures (not sure which) of me enjoying myself with Mrs. Palm and her five lovely daughters, allegedly captured from my computer’s video camera (despite my computer not having a video camera).

    I read the first one with some amusement, but by the 15th email it was all getting a bit tiresome. The only thing which changed from one email to the next was the amount of blackmail I had to pay (in bitcoins naturally) and the BTC wallet hash.

    Here we are a few months later and nothing, nada, zilch has happened because of course it is all complete bunkum, little more than a modern version of the pre-internet scam where they attempt to bill you for an entry in “The EU Business Directory” or whatever.

    One thing that it did make me do was to switch all of my passwords for other websites to something a little stronger where appropriate (for example Amazon and eBay are now maximum length randomly hashed passwords using a password generator of my own creation in Excel), like so:

    PrncnpQJSo3rbrns#lTMz+MtJfwMonG$vcC4U2mhGITq8lTR8x6hJhbE5dx-VG#FBi$T8reos_BPWN-Px9q1pRURVFvUxj@EzGoHeUe_BMSt+H8xxkCqyGz#4p7i@92@ykoVpnn+x#CVW6uQkZ5kG+c-0RtS_5VRGPWXyKSWe+qLtP-o8bZmFjg1gTA8e+u1DvRkwHEZhZm9XRM1YR7NaS#XLc$vqvQs5X5eQL3@46WPxem$GoScU6vGk88TMMXwf79n$r70j#4yO5AIHmlQ-OAAWoG0Z7RxJ8kqQ3_jHH_dvbjxIL5jIZDPGVJ@##xFYkTSsyFoV1kHBrEet@6A2EV060ZEb1hS38-@Yk7l8@J-DWiDVp19hb$96+7zosMfmonrbsTRNMzWHharN@5b#nepRWJNM4Gf#8U_LTGkMNun7bJqaUoWBpSnG@inxiHsCkl@tkgUb+aog@gdLTeh9wNVVROZ8r1aPY7eBo7nGjjaBe0LfHXRISkq1S1-RATF

    Try cracking that you bar stewards (apologies to any actual stewards of bars)

    • @john

      Same here. No webcam on any PC, no porn sites ever visited.

      I’ve considered fwding all to City of London plod, but….

  2. Why, oh why, are websites/firms still storing passwords as plain text?

    It’s irresponsible and, I suggest, breaches Data Protection Laws

    In the UK the ICO should be taking pre-emptive, not reactive action.

  3. OT

    Terrorists Worst Nightmare

    Off-duty & Overseas SAS bloke hears gunshots and responds

    Particularly liked this: “He was out shopping in the city when he heard the attack. He had his equipment in the car so, when it all kicked off, he sprinted back and got kitted up before heading straight towards the fire-fight.

    ‘When he arrived in the hotel, he started organising the entire operation, directing the police and army.’”

    Must have been a shock for local police too. Well done SAS guy and plod officer who stood down from command role.
    https://goo.gl/y2E41B

    How long before the Left start “imperialist war crime killings by SAS”?

    • In fairness he wasn’t that much of a surprise as he’d been training the locals in SAS anti-terrorism tactics, so the commander on the scene presumably knew who he was and/or phoned his CO and was advised to let the SAS guy run the response.

      Looks like some of our exports are still holding their value.

      • Local plod unlikely to know that. Kudos to plod CO.

        Update:

        SAS forbidden from going off-duty solo, but will probably be ignored by CO

        Pragmatism still exists

        He’s returning to the UK as his face was exposed on social media

        Off record: “he will be awarded quiet GC”

        Yep, we export a lot secretly 🙂
