Everyone Here Has Had Their Security Compromised!!!

[Randy B. Singer]

Security experts are referring to the recent discovery of a massive database that is composed of data from thousands of previous breaches, leaks, and private data databases as "The mother of all breaches".

“Why should I care? How does it impact me?”

The breach includes over 26 billion records. That’s staggering. And that means if any of your accounts are included (or if you reuse passwords anywhere), you need to take action in order to protect yourself and your family.

Who’s impacted? The database includes data from a wide variety of commonly used websites, including:

- Mac-Forums
- Tencent
- Deezer
- Dropbox
- LinkedIn

Personal data link checker:

https://cybernews.com/personal-data-leak-check/

More info:

What to do if you were impacted by “The Mother of All Breaches” | 1Password

Experts are referring to the recent discovery of a massive database from hordes of previous breaches and leaks as the Mother of All Breaches. Here’s what you can do if you were impacted.

blog.1password.com

Why the ‘mother of all breaches’ is a wake up call for everyone

The leak, dubbed the ‘mother of all breaches’, contains data from historic breaches and affects users of LinkedIn, Dropbox, and Twitter

www.itpro.com

 

[Raz0rEdge]

Everyone should have MFA enabled on all accounts that support it. Everyone should be using a password manager to generate strong passwords. Everyone should be using said password manager to cycle their passwords on a, minimum, quarterly cadence. All password managers have an indication of an age of your passwords, so change the ones that you haven't already.

My data has been out there since the Internet came into existence, but other than getting annoying random spam emails to my box that's easily managed, there has been no consequences because I follow the best practices described above.

So don't freak out, don't get scared, just get diligent.

 

[MacInWin]

My personal data was compromised in several different security failures. I have multiple identity protection subscriptions paid for by the organizations that were broken into. The worst was the Office of Personnel Managment (OPM) of the US Government, where my entire security application was stolen.

As a result, just about everything is locked down, hard. I do use a PW generator and I do change PWs, although not on a schedule. And I use passcodes when available, along with biometrics. If a site doesn't offer MFA, then I won't do much there with any privacy data.

 

[RadDave]

Over the years, I've done these password leakage checks, usually on 'HaveYouBeenPawned' - now I do most of what has been mentioned, i.e. use 1Password, closely check emails for spam/phishing/etc., and use MFA (now have added a few passkeys) on sites that could affect my finances (banks, credit card companies, PayPal, Amazon, TIAA-CREF, and others).

But in using Randy's link (and a link within), my main login name had a dozen 'leaks' shown below - most of these I've not heard of or have not used in years (e.g. Avast & Dropbox) - the others are likely oldies w/o any financial info - the Mac-Forums listing is an issue from 2016 (according to the pawned listing). NOW, I do not change my PWs routinely - certainly a good idea but 'laziness' seems to take over - Dave
.

 

[Rod]

I remember the first time I used Have I Been Pwned: Check if your email has been compromised in a data breach it sent me into a whirlwind of activity, adding and updating passwords, putting MFA in place for the sites that offered it and using the built in password generator in my password manager to replace my memorable passwords.

Not long after that I started using Google Authenticator, this system of generating a one off, unique password via a phone app was fairly new at the time, now there are several such apps, one of my banks has their own, while the other continues to rely on tokens and SMS OTP's . Microsoft has their own as does Adobe. Others require ID confirmation on a secondary device such as your iPhone using their iOS app such as TransferWise and PayPal.

I regularly perform an audit on my password manager to check for compromised and weak passwords and update accordingly. Obviously where my email address is my user name there is little I can do but putting MFA in place and using regularly updated and complex passwords means hackers can only get as far as, "I Forgot my Password". In most cases this means a new password being sent to that email address/phone number or at least a reset code. To access that a hacker would need access to my email account or phone number. Adding my email account/phone number to a new device requires MFA which would also alert me. I'm sure we have all received automatically generated, "your ... account has been added to...if this wasn't you..." ect. So, as I see it there is little I can do to protect my email address, it's already "out there" but so long as that's all that's available it only gets a hacker to first base. Of course using secondary (disposable) email address's is a good idea and I do that now, but I'm probably "shutting the gate after the horse has bolted."

So, I agree with Ashwin, "don't freak out, don't get scared, just get diligent."

 

[RadDave]

BUT ALL - what do you do with your spouse (I'm NOT being gender specific here at all since the issue can go both ways) - for me, my (very intelligent wife, an Ivy league school, University of Chicago, & U of Michigan where we met) spouse just will not listen to my advice - her passwords are a mess, i.e. short, repeats, etc. - I'm making some progress but get chastized for the effort! Won't go into the details, however, I'm making some progress - wish me luck - Dave