Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Chrome Data Breach

  • 09-09-2020 8:49am
    #1
    Registered Users, Registered Users 2 Posts: 456 ✭✭


    Can someone explain what is happening with chrome and these password databreach. I got one of these "just now 8 compromised passwords" . But the breaches are for items like my local router (192.168.0.1) and wifi.charteredaccountants.ie wifi.

    By the way I have never used this PC in charteraccountants.ie I dont normally lug it around. Probably used the wifi on on my old laptop from 2018.

    So where exactly is this databreach happening. it looks like it must be in google itself in the cookies on my PC.

    Anyone with knowledge of how this works


Comments

  • Registered Users, Registered Users 2 Posts: 10,900 ✭✭✭✭28064212


    If you sign in to your Google account on Chrome, your passwords are synced across devices, which is likely why you have the charteredaccountants.ie password on this PC.

    The compromised passwords are likely due to one of two scenarios:
    1. Easily guessed/common passwords
    2. Reuse of passwords
    (1) is fairly simple: if your username/password is admin/1234, it's not secure.

    (2) usually means that your username/password has turned up in a password list that was stolen somewhere (not necessarily from the site that you're currently using it on).

    Say some time in the distant past you signed up at [noparse]www.crapwebsite.com[/noparse] as [noparse]onedmc@boards.ie[noparse], password abcdefg, and stopped using the site soon after. More recently, you signed up at [noparse]www.importantbank.com[/noparse] using the same username and password. Then [noparse]www.crapwebsite.com[/noparse] has their database hacked, and the attackers get all the usernames and passwords. They know that if you used [noparse]onedmc@boards.ie[/noparse]/abcdefg on one site, you probably used it on others, so they try those login credentials on hundreds of sites, hoping to get lucky.

    Now, even though [noparse]importantbank.com[/noparse] have perfect security, your login details for it have been compromised. Chrome checks to see if your username or password has shown up in any of the lists that hackers commonly use. You can run a similar check yourself at https://haveibeenpwned.com/ (highly reputable site), just put in any emails that you use for logging in to sites.

    Boardsie Enhancement Suite - a browser extension to make using Boards on desktop a better experience (includes full-width display, keyboard shortcuts, dark mode, and more). Now available through your browser's extension store.

    Firefox: https://addons.mozilla.org/addon/boardsie-enhancement-suite/

    Chrome/Edge/Opera: https://chromewebstore.google.com/detail/boardsie-enhancement-suit/bbgnmnfagihoohjkofdnofcfmkpdmmce



  • Registered Users, Registered Users 2 Posts: 456 ✭✭onedmc


    I get what you are saying but still dont undersand why chrome are telling me this . Its faily usedless.

    So is it that they figure that chartered accountants data has been "shared" (maybe hacked) and because its in my cookie its suggesting that there is a databreach. Lets be clear I used the code that was on the wall to get access to that wifi, so its not really me.

    somthing similar with the router. I'm sure we all have the same admin for eir/virgin routers again its not me.

    Yea I've done the email check before and understand that its likly that I have similar password on many other sites. once one site is hacked all unhacked sites with the same username are vunerable.


  • Registered Users, Registered Users 2 Posts: 4,267 ✭✭✭mcgovern


    onedmc wrote: »
    I get what you are saying but still dont undersand why chrome are telling me this . Its faily usedless.

    So is it that they figure that chartered accountants data has been "shared" (maybe hacked) and because its in my cookie its suggesting that there is a databreach. Lets be clear I used the code that was on the wall to get access to that wifi, so its not really me.

    somthing similar with the router. I'm sure we all have the same admin for eir/virgin routers again its not me.

    Yea I've done the email check before and understand that its likly that I have similar password on many other sites. once one site is hacked all unhacked sites with the same username are vunerable.

    It's nothing to do with cookies or wifi.
    You have a username and password saved in chrome for those websites.
    As 28064212 said, that username and password combination has been compromised. Either its an easy to guess combination, or it's the same combination that you used for another website that has been comprimised.


  • Registered Users, Registered Users 2 Posts: 10,900 ✭✭✭✭28064212


    onedmc wrote: »
    So is it that they figure that chartered accountants data has been "shared" (maybe hacked) and because its in my cookie its suggesting that there is a databreach. Lets be clear I used the code that was on the wall to get access to that wifi, so its not really me.
    Chrome doesn't know that it's a publically-available password. They just know that you have a password saved that's compromised.
    onedmc wrote: »
    somthing similar with the router. I'm sure we all have the same admin for eir/virgin routers again its not me.
    People who are security conscious don't. If someone can access your router admin area, there's a significant amount of bad stuff they can do. Chrome isn't saying it's just you, they're alerting you that you are at risk. If you want to ignore that risk, it's up to you. A simple way to mitigate the risk is to change the password.

    Boardsie Enhancement Suite - a browser extension to make using Boards on desktop a better experience (includes full-width display, keyboard shortcuts, dark mode, and more). Now available through your browser's extension store.

    Firefox: https://addons.mozilla.org/addon/boardsie-enhancement-suite/

    Chrome/Edge/Opera: https://chromewebstore.google.com/detail/boardsie-enhancement-suit/bbgnmnfagihoohjkofdnofcfmkpdmmce



  • Registered Users, Registered Users 2 Posts: 8,184 ✭✭✭riclad


    You are very foolish if you use the same password to acess your bank account
    as the one you use for other websites like irish times or any other website.
    i would trust chrome more than i would trust microsoft edge or firefox browsers .
    bing search engine had a few terabyte of search data leaked recently ,they did not even have it encrypted .
    If you use online banking or any financial app you should have a unique
    long password for that app.

    https://www.dailymail.co.uk/sciencetech/article-8761047/Massive-data-leak-Microsofts-Bing-mobile-app-left-100-MILLION-records-exposed-online.html

    i don,t know why someone would install a bing search app on a phone ,when you can just bing or google from a browser.
    I think the more apps you have on your phone the more chance the data
    that app uses could be hacked .


  • Advertisement
Advertisement