Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Email with password

  • 11-08-2020 11:06am
    #1
    Registered Users, Registered Users 2 Posts: 263 ✭✭


    Just happened to check my Gmail spam folder and I've received 2 emails recently threatening to do all kinds if I don't pay a ransom.
    I know there's nothing to worry about with regard to the threats but the email did contain a password I use regularly (I know I know!)

    My question, is there any way to figure out what database was hacked for them to get access to the password? I have hundreds of saved passwords and would have used this password a lot so it's a mammoth task to log in to all of them and change the passwords.

    Hope my question makes sense. Thanks for any help.


Comments

  • Banned (with Prison Access) Posts: 2,980 ✭✭✭s1ippy


    https://haveibeenpwned.com/PwnedWebsites

    Stick your email addresses in here and it'll tell you.


  • Registered Users, Registered Users 2 Posts: 263 ✭✭Lightscribe


    Thanks for your response, I've got two breaches and I've changed both passwords.
    With regard to all the other log ins I have with the same password, should I change them all? I have a couple of hundred I'd say. Not a job I fancy taking on!


  • Registered Users, Registered Users 2 Posts: 3,588 ✭✭✭swampgas


    Thanks for your response, I've got two breaches and I've changed both passwords.
    With regard to all the other log ins I have with the same password, should I change them all? I have a couple of hundred I'd say. Not a job I fancy taking on!

    Definitely change them. Maybe get a password manager like lastpass or onepass set up first. And make sure your email accounts are secure. If someone can access your email they can reset passwords of other accounts quite easily. Consider setting up 2FA for critical accounts.

    If you're lucky this is the early warning you needed before something bad happened ...


  • Registered Users, Registered Users 2 Posts: 1,853 ✭✭✭messrs


    Thanks for your response, I've got two breaches and I've changed both passwords.
    With regard to all the other log ins I have with the same password, should I change them all? I have a couple of hundred I'd say. Not a job I fancy taking on!

    Were you able to find out where the breaches were or do you mean you just changed the password on the email address that was used?


  • Registered Users, Registered Users 2 Posts: 263 ✭✭Lightscribe


    messrs wrote: »
    Were you able to find out where the breaches were or do you mean you just changed the password on the email address that was used?
    I used pwned and went to the two websites where the breaches were reported and changed those passwords.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 263 ✭✭Lightscribe


    swampgas wrote: »
    Definitely change them. Maybe get a password manager like lastpass or onepass set up first. And make sure your email accounts are secure. If someone can access your email they can reset passwords of other accounts quite easily. Consider setting up 2FA for critical accounts.

    If you're lucky this is the early warning you needed before something bad happened ...

    I'm happy that my email password is strong but looks like I've a job to do so with securing everything else. Last pass I'm guessing stores everything with one master password as security?


  • Registered Users, Registered Users 2 Posts: 1,853 ✭✭✭messrs


    I used pwned and went to the two websites where the breaches were reported and changed those passwords.

    Ak ok I will have another look so, I went on and put in my email address and it told me how many breaches I had but I couldnt see where to find out what sites they were on

    was looking on my phone, just didnt scroll down far enough to see the details


  • Registered Users, Registered Users 2 Posts: 4,117 ✭✭✭spaceHopper


    I'm happy that my email password is strong but looks like I've a job to do so with securing everything else. Last pass I'm guessing stores everything with one master password as security?

    Make a list of all the accounts you have, any you don't need delete them that way is few years time when this happens again you don't have as much exposure


  • Closed Accounts Posts: 1,698 ✭✭✭kenmm


    Not a job I fancy taking on!


    Its better than having to create all brand new accounts!


  • Registered Users, Registered Users 2 Posts: 266 ✭✭markfinn


    Just to clarify:
    The list on pwned is a list of places people have gotten your email and password FROM. Not a list of places that people have/will USE that email and password.

    If that email and password are used in other places, you need to change your password in all those other places and HOPE you get to them before someone else does.

    That is how hacking works. One incompetent or corrupt administration/team hand out your login details to anyone willing to take them. The takers then run automated login attempts against every other major/profitable website out there using the list of logins, and noting the ones that work.

    The list of ones that work are then sold on at a higher price to those who look to make money through attacking/ransoming your data or using your accounts as part of an identity theft or account value extraction attack.

    You are far, far better off keeping all your unique passwords somewhere (ideally offline), and having them unique, than you are having one "really secure" password reused everywhere.

    As Spacehopper said, be sure to delete any accounts you no longer use.
    I'd add (given how few sites actually delete your account when you hit the delete link) change the password on them to something completely random first.

    Above all else, every site/login you care about should have a unique password, even if you have to save that password list on a set of sticky notes under your keyboard.
    Otherwise they are all only as secure as the least secure among them.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 289 ✭✭randomguy


    I got a similar email in the last day or two.

    I had had a warning from Google (through Chrome) a few times that the password I was using for a number of things was compromised, but hadn't done anything about it - from memory, the hack might have been from boards.ie (apologies if not true, but I have some memory about some hack a few years ago).

    I finally dealt with it today - I went in to "passwords" in Chrome, and it listed all of the websites with compromised passwords that had a password saved in my google account for, and linked to the relevant website. Not many had credit card details saved ( a few had) but I went through each of them and changed them (working from the google list to keep track). There could be others with the same password that I hadn't saved in my google account, but it is a start at least.

    Well worth doing.


  • Registered Users, Registered Users 2 Posts: 141 ✭✭DeconSheridan


    There is a Known DB here from Mozilla and you can check if you
    r Pii was breached from numorus known hacked sites and companies https://monitor.firefox.com/


    my email ****@***.com Appears in 4 known breaches.

    Id recommend get a password manager to help with strong password management and do a complete password reset on all your known accounts along with turning on 2 factor Auth on accounts that provide it.


Advertisement