Announcement

Collapse
No announcement yet.

bordersdown data breach?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    bordersdown data breach?

    according to chrome (just logged in) my password has been found to be compromised, and been advised to change it, anyone else get this using chrome?

    #2
    That doesn’t mean it was a bordersdown breach (although doesn’t mean it wasn’t). You’ll see this if you use the same password here that was in any data breach somewhere else. It’s actually a really handy warning system. I got it because I use the same password for many low risk places that are not money related, like this place, so have changed that password.

    Comment


      #3
      I got the warning and I use a unique password here which is a random string in my password manager.

      Comment


        #4
        Then Chrome is a dirty rotten liar.

        Comment


          #5
          I believe Chrome gets its data from https://haveibeenpwned.com/

          Comment


            #6
            Ah, interesting. So do you think there could have been a bordersdown breach?

            Comment


              #7
              No idea - maybe vBulletin has a security hole as Chrome is showing I have 97 compromised passwords and they're all from forums (and all unique). Some of them are variations of the same forum URL, so it's not 93 different sites (ars, b3ta, gamespot, btly, bt-chat, bordersdown, disquss all in the last hour).

              It may be an update rolled out that's bugged, but it's showing 97 from 700 odd saved passwords.

              As I've said a number of times before on here: use a password manager, use unique passwords, turn on 2FA where it matters.

              Edit: Looks like I was wrong about them using haveibeenpowned data (who have an open API), but they're probably using similar data-source lists: https://www.theverge.com/2019/10/2/2...-now-available

              It also looks like a lot of these are old passwords that aren't unique that I changed ages ago, including the one here so it may be that it's a dump of simple passwords whose hashes have been worked out where they haven't been properly salted.
              Last edited by MartyG; 08-11-2020, 15:22.

              Comment


                #8
                I got one the other day, three others were part of a data loss but here was another reason which I've forgot.

                Comment


                  #9
                  The warnings in chrome mean the password has been used somewhere that had a data breach. It doesn't even mean the password had been used by you. [MENTION=42]MartyG[/MENTION] I'd be interested to know if you think your one was definitely only used here and was a random string please

                  Comment


                    #10
                    Had the same thing on AV Forums a minute ago so changing as I go now

                    Neil

                    Comment


                      #11
                      Originally posted by charlesr View Post
                      The warnings in chrome mean the password has been used somewhere that had a data breach. It doesn't even mean the password had been used by you. [MENTION=42]MartyG[/MENTION] I'd be interested to know if you think your one was definitely only used here and was a random string please
                      It is a password I've used here in the past as I said above, but it's an old password - the warnings are passwords that you've used that are known hashes in this case, not specifically for here.

                      Comment


                        #12
                        Looks like this is where the recent password alert has come from - haveibeenpwned has only just updated their site with this latest dataset

                        It's increasingly hard to know what to do with data like that from Cit0Day. If that's an unfamiliar name to you, start with Catalin Cimpanu's story on the demise of the service followed by the subsequent leaking of the data [https://www.zdnet.com/article/23600-hacked-databases-have-leaked-from-a-defunct-data-breach-index-site/] . The hard bit for


                        and



                        More than 50GB of data from 23,000 hacked databases were shared by cybercriminals on Telegram channels and two hacking forums.
                        This is a database leak from from that hacking site that contained the 50GB of password data earlier this month (Nov 2020).
                        Last edited by MartyG; 19-11-2020, 10:35.

                        Comment

                        Working...
                        X