according to chrome (just logged in) my password has been found to be compromised, and been advised to change it, anyone else get this using chrome?
-
-
That doesn’t mean it was a bordersdown breach (although doesn’t mean it wasn’t). You’ll see this if you use the same password here that was in any data breach somewhere else. It’s actually a really handy warning system. I got it because I use the same password for many low risk places that are not money related, like this place, so have changed that password. -
I got the warning and I use a unique password here which is a random string in my password manager.Comment
-
Then Chrome is a dirty rotten liar.Comment
-
-
Ah, interesting. So do you think there could have been a bordersdown breach?Comment
-
No idea - maybe vBulletin has a security hole as Chrome is showing I have 97 compromised passwords and they're all from forums (and all unique). Some of them are variations of the same forum URL, so it's not 93 different sites (ars, b3ta, gamespot, btly, bt-chat, bordersdown, disquss all in the last hour).
It may be an update rolled out that's bugged, but it's showing 97 from 700 odd saved passwords.
As I've said a number of times before on here: use a password manager, use unique passwords, turn on 2FA where it matters.
Edit: Looks like I was wrong about them using haveibeenpowned data (who have an open API), but they're probably using similar data-source lists: https://www.theverge.com/2019/10/2/2...-now-available
It also looks like a lot of these are old passwords that aren't unique that I changed ages ago, including the one here so it may be that it's a dump of simple passwords whose hashes have been worked out where they haven't been properly salted.Last edited by MartyG; 08-11-2020, 14:22.Comment
-
I got one the other day, three others were part of a data loss but here was another reason which I've forgot.Comment
-
The warnings in chrome mean the password has been used somewhere that had a data breach. It doesn't even mean the password had been used by you. [MENTION=42]MartyG[/MENTION] I'd be interested to know if you think your one was definitely only used here and was a random string pleaseComment
-
Had the same thing on AV Forums a minute ago so changing as I go now
NeilComment
-
It is a password I've used here in the past as I said above, but it's an old password - the warnings are passwords that you've used that are known hashes in this case, not specifically for here.Originally posted by charlesr View PostComment
-
Looks like this is where the recent password alert has come from - haveibeenpwned has only just updated their site with this latest dataset
and
This is a database leak from from that hacking site that contained the 50GB of password data earlier this month (Nov 2020).More than 50GB of data from 23,000 hacked databases were shared by cybercriminals on Telegram channels and two hacking forums.Last edited by MartyG; 19-11-2020, 09:35.Comment
Comment