Everyone Here Has Had Their Security Compromised!!!

Joined
Feb 1, 2011
Messages
4,379
Reaction score
2,042
Points
113
Location
Sacramento, California
Security experts are referring to the recent discovery of a massive database that is composed of data from thousands of previous breaches, leaks, and private data databases as "The mother of all breaches".

“Why should I care? How does it impact me?”

The breach includes over 26 billion records. That’s staggering. And that means if any of your accounts are included (or if you reuse passwords anywhere), you need to take action in order to protect yourself and your family.

Who’s impacted? The database includes data from a wide variety of commonly used websites, including:

- Mac-Forums
- Tencent
- Deezer
- Dropbox
- LinkedIn

Personal data link checker:


More info:


 

Raz0rEdge

Well-known member
Staff member
Moderator
Joined
Jul 17, 2009
Messages
15,686
Reaction score
2,015
Points
113
Location
MA
Your Mac's Specs
2022 Mac Studio M1 Max, 2023 M2 MBA
Everyone should have MFA enabled on all accounts that support it. Everyone should be using a password manager to generate strong passwords. Everyone should be using said password manager to cycle their passwords on a, minimum, quarterly cadence. All password managers have an indication of an age of your passwords, so change the ones that you haven't already.

My data has been out there since the Internet came into existence, but other than getting annoying random spam emails to my box that's easily managed, there has been no consequences because I follow the best practices described above.

So don't freak out, don't get scared, just get diligent.
 
Joined
Jan 1, 2009
Messages
15,340
Reaction score
3,705
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
My personal data was compromised in several different security failures. I have multiple identity protection subscriptions paid for by the organizations that were broken into. The worst was the Office of Personnel Managment (OPM) of the US Government, where my entire security application was stolen.

As a result, just about everything is locked down, hard. I do use a PW generator and I do change PWs, although not on a schedule. And I use passcodes when available, along with biometrics. If a site doesn't offer MFA, then I won't do much there with any privacy data.
 
Joined
Jan 20, 2012
Messages
5,029
Reaction score
393
Points
83
Location
North Carolina
Your Mac's Specs
Air M2 ('22) OS 14.3; M3 iMac ('23) OS 14.3; iPad Pro; iPhone 14
Over the years, I've done these password leakage checks, usually on 'HaveYouBeenPawned' - now I do most of what has been mentioned, i.e. use 1Password, closely check emails for spam/phishing/etc., and use MFA (now have added a few passkeys) on sites that could affect my finances (banks, credit card companies, PayPal, Amazon, TIAA-CREF, and others).

But in using Randy's link (and a link within), my main login name had a dozen 'leaks' shown below - most of these I've not heard of or have not used in years (e.g. Avast & Dropbox) - the others are likely oldies w/o any financial info - the Mac-Forums listing is an issue from 2016 (according to the pawned listing). NOW, I do not change my PWs routinely - certainly a good idea but 'laziness' seems to take over - :sleep: Dave
.

Screenshot 2024-01-25 at 11.57.56 AM.png
 

Rod


Joined
Jun 12, 2011
Messages
9,524
Reaction score
1,779
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2021 M1 MacBook Pro 14" macOS 13, iPhone SE 2, iPad 6, Apple Watch SE.
I remember the first time I used Have I Been Pwned: Check if your email has been compromised in a data breach it sent me into a whirlwind of activity, adding and updating passwords, putting MFA in place for the sites that offered it and using the built in password generator in my password manager to replace my memorable passwords.

Not long after that I started using Google Authenticator, this system of generating a one off, unique password via a phone app was fairly new at the time, now there are several such apps, one of my banks has their own, while the other continues to rely on tokens and SMS OTP's (n). Microsoft has their own as does Adobe. Others require ID confirmation on a secondary device such as your iPhone using their iOS app such as TransferWise and PayPal.

I regularly perform an audit on my password manager to check for compromised and weak passwords and update accordingly. Obviously where my email address is my user name there is little I can do but putting MFA in place and using regularly updated and complex passwords means hackers can only get as far as, "I Forgot my Password". In most cases this means a new password being sent to that email address/phone number or at least a reset code. To access that a hacker would need access to my email account or phone number. Adding my email account/phone number to a new device requires MFA which would also alert me. I'm sure we have all received automatically generated, "your ... account has been added to...if this wasn't you..." ect. So, as I see it there is little I can do to protect my email address, it's already "out there" but so long as that's all that's available it only gets a hacker to first base. Of course using secondary (disposable) email address's is a good idea and I do that now, but I'm probably "shutting the gate after the horse has bolted."

So, I agree with Ashwin, "don't freak out, don't get scared, just get diligent."(y)
 
Joined
Jan 20, 2012
Messages
5,029
Reaction score
393
Points
83
Location
North Carolina
Your Mac's Specs
Air M2 ('22) OS 14.3; M3 iMac ('23) OS 14.3; iPad Pro; iPhone 14
BUT ALL - what do you do with your spouse (I'm NOT being gender specific here at all since the issue can go both ways) - for me, my (very intelligent wife, an Ivy league school, University of Chicago, & U of Michigan where we met) spouse just will not listen to my advice - her passwords are a mess, i.e. short, repeats, etc. - I'm making some progress but get chastized for the effort! Won't go into the details, however, I'm making some progress - wish me luck - :question Dave
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top