PDA

View Full Version : Dark Web Internet



Amerijoe
11-02-2019, 05:23 PM
Just to let everyone know MyHeritage past data breach info is being used to break into your account. Here is my monitoring report for proof. If you havenít changed your password, do so now.

34332

mildlycurly
11-02-2019, 05:53 PM
Done.

Thanks for informing us.

Donwulff
11-03-2019, 12:51 AM
The MyHeritage data dump hit public sales as part of 617 million accounts from different sites in February this year. Although it's clearly been circulated in the hands of hackers/crackers since the initial breach, contrary to MyHeritage's assurances to the opposite. Thankfully, security researchers were able to convince MyHeritage to force-reset all their users passwords on pain of bad publicity when MyHeritage initially refused to do so insisting the leak wasn't being used.

https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/

Also this:
34344

Consequently, unless MyHeritage has had another breach (If they did it once, it's really hard to ensure they can't do it again), everybody's MyHeritage account should already be safe. A secondary danger, of course, comes from any other sites where you may be using same username or password. Since the username is usually your e-mail, the current practices conspire against making this truly secure. Just a week or two ago I received a warning from Google that someone from computer address in Germany attempted to log into my Google account with my e-mail & correct password which may or may not have been same as I used on MyHeritage *cough*. Thankfully Google requires e-mail verification when the computer/address changes, so they didn't get through and I got a warning. However, 1) That hacker must have been an idiot not to know they can't get through and instead just alert me, 2) It's practically impossible to know every old site where you might have used now-insecure password, 3) This probably isn't the place for a long article on single-site e-mail addresses, site-specific passwords and two factor authenticiation, or how that level of security is a PITA for the common user.

Chrome browser will today suggest & store in password manager a random password for each site which is nice, provided you don't need to access the site on non-Chrome browser, or on a different page which Chrome doesn't recognize as same page (Which is, uh, bad idea from security perspective anyhow but unfortunately I see that often enough). At least as long as your Google account doesn't get hacked when you forget it's no longer just a necessary evil of Internet use, but actually stores ALL your web-passwords ;)