Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Haveibeenpwned.com

  • 28-11-2016 10:21pm
    #1
    Registered Users, Registered Users 2 Posts: 831 ✭✭✭


    https://haveibeenpwned.com/ came across this website this evening while i was looking for solutions to my computer freezing,running very slow especially on yahoo etc and using kaspersky,malware anti malware,super anti spyware and others showing up nothing running full scans.You put in your email address or password and see the results.two of my usernams for websites it said had been compromised where as the email address had not,any imput appreciated,cheers..


Comments

  • Registered Users, Registered Users 2 Posts: 84,763 ✭✭✭✭Atlantic Dawn
    M


    You put your password in to it? If you did change it.


  • Registered Users, Registered Users 2 Posts: 10,580 ✭✭✭✭Riesen_Meal


    You put your password in to it? If you did change it.

    You don't put your password into it, it checks your email address across known databases of hacker lists and if it shows up then chances are your account email has been compromised via say the PSN hack, or some of the other sites where user info has been leaked....


  • Registered Users, Registered Users 2 Posts: 39 wofias8


    damon5 wrote: »
    where as the email address had not

    It has been now! :pac:


  • Registered Users, Registered Users 2 Posts: 831 ✭✭✭damon5


    You put your password in to it? If you did change it.

    Hi it says to put your email address or usernames which i did for three of them and two out of three said i was compromised...


  • Registered Users, Registered Users 2 Posts: 1,193 ✭✭✭liamo


    This is why it's important to use different passwords for different sites - so that a single breach won't compromise all of your accounts. And, while some reuse is probably inevitable, the password(s) for your email account(s) should always remain unique - preferably also using 2FA, if available.

    You've got to assume that the sites to which you supply your information won't look after it properly and act accordingly.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 572 ✭✭✭Joe Exotic


    A note on this site

    Its run by Troy hunt (It's legit)
    I'm Troy Hunt, a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security, blogger at troyhunt.com, international speaker on web security and the author of many top-rating security courses for web developers on Pluralsight.

    If your Email address is present it does not mean you have been compromised it means your email has been found in a dump online, this could be that a database was hacked which had your email address(could simply be a mailing list).
    The reliability of pastes
    The presence of an email address on a paste site doesn't always mean it's been compromised in a breach and the process that scans for addresses is entirely autonomous — there's no human review. Do take a look at the paste and assess the impact for yourself if your address appears there.

    It is however a good idea to change any passwords associated with this account just to be safe.

    You can sign up for a notification to warn if your address if found in the future.

    This can be done for an entire domain so if your worried about work emails you could also do this (i advise getting permission first)


  • Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    murphk wrote: »
    This can be done for an entire domain so if your worried about work emails you could also do this (i advise getting permission first)
    For obvious reasons, you can only do it for an entire domain if you can actually prove you own/have control of that domain. Definitely no harm in asking your Infosec/IT guys if they have it set up though.

    We've had it alerting us on our domain for a good while, it's useful, though can lead to some...interesting conversations with users regarding some of the stuff they've signed up for using their work address which probably would have best been left to a personal one.


  • Registered Users, Registered Users 2 Posts: 831 ✭✭✭damon5


    Thanks for replies lads,when i put in my email address on that site it came up that it was fine but the other 2 i submitted were the usernames of 2 differant websites and it showed a compromise.Quick question what is 2FA,cheers.


  • Registered Users, Registered Users 2 Posts: 10,580 ✭✭✭✭Riesen_Meal


    damon5 wrote: »
    Thanks for replies lads,when i put in my email address on that site it came up that it was fine but the other 2 i submitted were the usernames of 2 differant websites and it showed a compromise.Quick question what is 2FA,cheers.

    2FA is the when you need your mobile to sign your account into say your PlayStation account or your Ebay/Xbox/Steam account...

    When you go to login on a "foreign" device it texts you a unique code to input on that device...


    https://en.m.wikipedia.org/wiki/Authentication#Two-factor_authentication


  • Registered Users, Registered Users 2 Posts: 831 ✭✭✭damon5


    Fieldog wrote: »
    2FA is the when you need your mobile to sign your account into say your PlayStation account or your Ebay/Xbox/Steam account...

    When you go to login on a "foreign" device it texts you a unique code to input on that device...


    https://en.m.wikipedia.org/wiki/Authentication#Two-factor_authentication

    Cheers for that Fieldog,appreciated .....


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 2,116 ✭✭✭ItHurtsWhenIP


    damon5 wrote: »
    Thanks for replies lads,when i put in my email address on that site it came up that it was fine but the other 2 i submitted were the usernames of 2 differant websites and it showed a compromise.Quick question what is 2FA,cheers.
    Fieldog wrote: »
    2FA is the when you need your mobile to sign your account into say your PlayStation account or your Ebay/Xbox/Steam account...

    When you go to login on a "foreign" device it texts you a unique code to input on that device...


    https://en.m.wikipedia.org/wiki/Authentication#Two-factor_authentication

    While texting you a unique code is more secure than not having 2FA, you would be better off going with an authenticator app, like Google Authenticator. It's available for both Android and iOS.

    This generates the unique codes for the second factor. It can also use Push notifications, so instead of using codes, when you log in to your account from a strange device, your phone asks you if this login is OK and you say "Yea" or "Nay".

    Edit: Everybody should use 2FA on every on-line account where available - it dramatically improves your security posture.


  • Registered Users, Registered Users 2 Posts: 831 ✭✭✭damon5


    While texting you a unique code is more secure than not having 2FA, you would be better off going with an authenticator app, like Google Authenticator. It's available for both Android and iOS.

    This generates the unique codes for the second factor. It can also use Push notifications, so instead of using codes, when you log in to your account from a strange device, your phone asks you if this login is OK and you say "Yea" or "Nay".

    Edit: Everybody should use 2FA on every on-line account where available - it dramatically improves your security posture.

    Have to start doing my homework as i,ve mentioned before not computer literate so its like a foreign language to me,cheers..


  • Registered Users, Registered Users 2 Posts: 572 ✭✭✭Joe Exotic


    Blowfish wrote: »
    For obvious reasons, you can only do it for an entire domain if you can actually prove you own/have control of that domain. Definitely no harm in asking your Infosec/IT guys if they have it set up though.

    We've had it alerting us on our domain for a good while, it's useful, though can lead to some...interesting conversations with users regarding some of the stuff they've signed up for using their work address which probably would have best been left to a personal one.

    @blowfish you are of course correct i should have been clearer.
    I was referring more to a member of IT SEC doing it without informing IT SEC Management, its important that if this resource is being used then that it be official as not having it listed can cause complications in the above situations

    e.g. senior Manager has email in a NSFW site and you find out through the haveibeenpwned service. if you inform the company then it may become about how your using unauthorised service rather than about what the senior manager has been up to with their account !!


  • Closed Accounts Posts: 1,198 ✭✭✭testicles


    This post has been deleted.


  • Registered Users, Registered Users 2 Posts: 1,193 ✭✭✭liamo


    testicles wrote: »
    I would argue that that is not 2FA at all, but instead 2 stage authentication, seeing as it's the same factor.

    Yeah, it's an old and ongoing argument. My own opinion is that it's somewhere in the middle.

    You do have to have possession of your phone to receive the code. That's the "Something your have". Of course, once you view the code, it becomes "Something you know".

    However, regardless of which side of the argument you come down on, it's better to have this enabled than not, where possible.


  • Closed Accounts Posts: 1,198 ✭✭✭testicles


    This post has been deleted.


Advertisement