
Discuss Has the password you commonly use ended up on a database somewhere via a breach? in the Need help with ElectriciansForums.net? area at ElectriciansForums.net

Dan

Admin


Enter your password you use in various places (note, you should always use a different password for each login you have) into the website above and you will see if it has been included in breaches.

So like when Yahoo got hacked, eBay got hacked, Adobe got hacked, banks got hacked, various other departments of countries and stuff got hacked. The nice hackers, the ones helping fix loopholes, made a searchable database so you can check against it to see. (Full list of websites that have been hacked, and have had to publicly admit it because their databases ended up on the dark web: Have I Been Pwned: Pwned websites - https://haveibeenpwned.com/PwnedWebsites )

If it has been stolen before and ended up on a list, then you need to change it on sites you use it on. Including ours.

Not that once somebody is in your account they can do anything but post under your name (so they can't access other peoples accounts etc).

You can also enter a domain for email addresses on this page: Have I Been Pwned: Domain search - https://haveibeenpwned.com/DomainSearch
Though that doesn't matter too much. You may find your own email address has been breached. And if so, your password may have been too, and that then gets used and entered into other sites, like PayPal etc, and that's how they steal your money. It's what the aim is in the first place for them to breach a big company. That and ransom. Whichever pays best.

So, if your password is poor, change it on the forum: https://www.electriciansforums.net/account/security

You can also enable two-step verification, if you do, use the App option and not email.

ElectriciansForums.net - Keeping you secure :D :D :p :p
 

Dan

Admin
  • Thread Starter Thread Starter
  • #3
Anddddd, it's run by hackers!!!!! lol

But you're only searching a database. So they don't know what your password is for. To them, and their website, you're entering digits that mean nothing. They're not connecting you to anything or your password.

Not only that, without these guys, some massive companies who had their systems hacked were not going to say that they got hacked. But these guys bought the data from the hackers who stole it, and published it, so that the firms had to release a press release and inform their customers who got hacked.

Without these guys, half your systems you login wouldn't be as secure as they are. Including our forum. Which now uses their database to scan against when people are setting their passwords here.

(Again, they don't link it to you, or even our forum, we don't have an API with them - we use the front end to scan against, no data is shared beyond a 'yes that password is secure' (then the forum says you can use it) or 'no that password is in our database' (then the forum says you can't use it) - Either way, they don't know it's the forum checking, or you, or your email to link them together. Etc etc)

It's super easy for people to confuse things like this. And it's well worth discussing if for a second you thought you are willing to put your password into this forum, where we store it against your email, and worry about putting it in that website, which doesn't store it at all!

:)
Post automatically merged:

P.s. - A password tip regarding how many attempts one takes to hack by way of brute force attempts (just repeating guessing it).

1569088609452.png
 

littlespark

-
Arms
Esteemed
Advent Win
the 4 random word thing is great, however most websites want you to use something that isn't a word, has upper and lowercase letters, has numerals and now want symbols...

So now my passwords have been changed to have a capital letter at the beginning, the year or something after and now evolved to have an additional question mark after them.

I just checked my computers login password. What do they say about mother maiden name? Only shows up 3,250 times!
 

Dan

Admin
  • Thread Starter Thread Starter
  • #5
They have data on 8,481,939,203 email accounts, with only 405 companies being breached/hacked. That's a lot of users for such a small amount of companies. That means they're only really publishing the bigger companies. This kinda breach is going on every day. Everywhere. With much smaller sites like ours.

Though we use CloudFlare.com to route traffic through, which hides our server IP. Our server uses lots of software to 'root to null' suspicious patterns of traffic (means they end up on a whitepage - like the old BlueScreen on Windows, it just ends their search and attempts). We use Amazon AWS for our bulk emails, that hides our origin server. We use the paid-for email service from Gmail (we have too many emails for a standard free email account and use our own domains too) for our own office emails, and those too hide our own IPs etc.

And we have two-step verification active.

We keep all our software across the network up to date to within a month. That's a massive issue with our competitor forums, their own small web hosts won't be as -----hot as us.

We have servers in France, on their new networks, which out bandwidth our UK/London networks that can't be upgraded anymore to keep up with the times, so that any DDOS attacks we get (and we still get attacked quite often but they give up quickly) is outbandwidthed.

We have security systems that are akin to banks. Have our servers on racks that share hardware WITH banking servers.

And we backup data, and all changes to data, 4 times a day fully. And then also a rolling forum backup, so I can pick a time and day for the past 4 weeks, and take 1 file from it, in its state at that very time. And if it changed over those 4 weeks, I can see when and how that was changed.

We plug warning code into those logs, to notify myself, and my Italian awesome teenage web server guy who gets paid very well for his time, when a single thing changed beyond our expectations.

Even then, I can't promise anything. But what I can promise is, we're on the ball for you. And have seen all attempts to gain your data. From people saying "I'm in college and am doing an essay on plumbers, can I post a thread up with a survey on it" which then collects your email addresses. Simple email scam.

To actual constant, persistent and very aggressive hackers trying to DDOS the forums to break a certain part so they can access another.

I've got your back mate. If I have linked to a website and said enter your password in it. You can be as sure as hell I've checked it is safe.
Post automatically merged:

the 4 random word thing is great, however most websites want you to use something that isn't a word, has upper and lowercase letters, has numerals and now want symbols...

So now my passwords have been changed to have a capital letter at the beginning, the year or something after and now evolved to have an additional question mark after them.
They're old school and need to get with the times. :)

We accept long word sequences. *goes to check
 

Dan

Admin
  • Thread Starter Thread Starter
  • #7
Wow. Even after me explaining what it is?

#TrustIssues lol

Your choice matey. :)

Just make sure your passwords are strong everywhere is all I'm saying. :)
Post automatically merged:

Here we go. Conspiracy theorists always trust Wikipedia.


And then perhaps if not that, you use 1Password? The most popular password vault going? Have I Been Pwned | 1Password - https://1password.com/haveibeenpwned/

TechCrunch article about it looking for a new owner

Post automatically merged:

A quote from that article.

“There’s a whole heap of organisations out there that don’t know they’ve been breached simply because I haven’t had the bandwidth to deal with it all,” he notes on the latter — a sentence that should send a chill up spines everywhere.
People are a bit in the dark about this stuff. You guys just trust companies you give your details to have it all sorted. But they often haven't. Even tech ones.
 

pirate

-
Arms
Esteemed
I appreciate all the explanations Dan, thank you.
However, an email isn't really much use, in normal circumstances, to a hacker, unless he/she can key-log too. After all, most people share their email address freely, knowing that when they go to online banking they have several further steps to complete for verification.
Maybe I'm not too savvy here, but you would have to be daft to use the same password all the time. Honestly, if someone knew my login details for this forum, I wouldn't lose any sleep over it. All they could do is post some really rude stuff and I'd get the blame!
I never store payment details on sites like Amazon, so if someone steals my login they can buy what they like, but I won't be paying for it...hence, no 1-click ordering for me.
Interestingly, if I copy and paste in this thread, the paste also pastes the url for this thread...is this normal?
A few weeks ago I got an odd email, which curiosity made me open...I know, I know! I'm happy with my security setup, and wasn't going to click on anything. Basically, the email said:
We know that your password for a website is "blankety-blank 44". They didn't specify which website, but the password was correct. They then said that they had control over my PC and had switched on my webcam without me being aware, had logged the sites I visited and also filmed my actions when on certain sites, which, if released to people on my contacts list would cause me great embarrassment etc etc , loss of job, loss of friends, marital trauma, all that stuff. However, a modest payment of $998 would solve the problem and I wouldn't hear from them again.
All rubbish, of course, plus I don't give a flying foxtrot what they pretend they saw me doing on camera...plus nobody I know would bother about it either, so I decided not to pay on this occasion!
However, they did have the password. It was an expired password, as I had updated it some time ago for that particular website. Nevertheless, they had got it somehow.
I expect if I had panicked and paid they would have taken all my money...but I am curious as to how they got the password...maybe a mis-keying by me in the wrong place? It is a very popular website. I hardly ever go there. Should I tell them? Should I share the website name on here so others can check their security status? Certainly makes a change from the Nigerian Prince story of millions of dollars of gold bullion just waiting to be released...
Oh, and as I never use my webcam on my laptop (and don't even have one on my desktop) I have simply put a wee bit of leccy tape over the lens!
 

snowhead

-
Mentor
I too was initially concerned about who they are and the possibility of them collecting passwords, but found an explanation of how they check your password against the database, if correct it's quite cryptic, not encryptic.
I checked some of my earlier passwords, now not used and they came up as being in the database hundreds of times, unlike password1 for example that came up thousands.
I tried a couple of my current ones and they don't show.
I didn't try my email as I've had it over 25 years so it must be on all sorts of hacked sites.
However I did this through a VPN which hides your own I.P address.
It's not a free one and I only use it on sites that block traffic from the E.U because they weren't prepared to pay for the work to comply with GDPR compliance.
And no not Porn sites, mainly U.S car parts sites.
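
An added example, not part of the thread and not the forum's own code: how a password can be checked against a breach list without the checking service ever receiving it, using the range lookup that Pwned Passwords documents publicly (only the first five hex characters of the password's SHA-1 are sent, and the returned suffixes are compared locally). The function names and the sample corpus are constructed, and the remote service is replaced by an in-memory stand-in so the code runs offline.

```python
import hashlib

def split_hash(password):
    """SHA-1 the password; return (5-char prefix, 35-char suffix) as uppercase hex."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_response(body):
    """Parse 'SUFFIX:COUNT' lines into a dict, skipping malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    """How often the password appears in the corpus.
    Only the 5-character prefix is handed to fetch_range; the match is done locally."""
    prefix, suffix = split_hash(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)

def password_allowed(password, fetch_range):
    """Signup-style policy check: reject anything already seen in a breach."""
    return breach_count(password, fetch_range) == 0

def make_offline_source(corpus):
    """Stand-in for the remote service, built from a constructed {password: count} dict.
    Returns (fetch_range, seen); 'seen' records every value the 'service' received."""
    buckets, seen = {}, []
    for pw, n in corpus.items():
        prefix, suffix = split_hash(pw)
        buckets.setdefault(prefix, []).append(f"{suffix}:{n}")

    def fetch_range(prefix):
        seen.append(prefix)
        return "\r\n".join(buckets.get(prefix, []))

    return fetch_range, seen

# Constructed sample data; the counts are made up for the demonstration.
SAMPLE_CORPUS = {"password1": 1000, "letmein": 12}

if __name__ == "__main__":
    fetch, seen = make_offline_source(SAMPLE_CORPUS)
    for candidate in ("password1", "four random words here"):
        verdict = "allowed" if password_allowed(candidate, fetch) else "rejected"
        print(f"{candidate!r}: {verdict}")
    print("values the service received:", seen)
```

Against the live service, `fetch_range` would be an HTTPS GET to `https://api.pwnedpasswords.com/range/<prefix>` that returns the response body as text.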
 

pirate

-
Arms
Esteemed
Car parts are porn! Like tools!
Post automatically merged:

I use a paid for vpn too, when abroad. Somehow it just feels better...
Post automatically merged:

Classic sailing yachts are porn too!
 

pirate

-
Arms
Esteemed

needs 5 words though
 

Dan

Admin
  • Thread Starter Thread Starter
  • #13
Hmmmm. Not sure you're getting it.

But that's okay. Just check to make sure your passwords are all solid.
 

Lister1987

-
Trainee
Supporter
Advent Win
Wow. Even after me explaining what it is?

#TrustIssues lol

Your choice matey. :)

Just make sure your passwords are strong everywhere is all I'm saying. :)

I jest, I'm aware how important information security is, just seemed very reminiscent of the linkpwn that did the rounds a few years back but instead of checking your password, it was checking if your license plate had been snapped on speed cameras.
Post automatically merged:

Here we go. Conspiracy theorists always trust Wikipedia.


And then perhaps if not that, you use 1Password? The most popular password vault going? Have I Been Pwned | 1Password - https://1password.com/haveibeenpwned/

TechCrunch article about it looking for a new owner

Post automatically merged:

A quote from that article.



People are a bit in the dark about this stuff. You guys just trust companies you give your details to have it all sorted. But they often haven't. Even tech ones.
Hmmmm. Not sure you're getting it.

But that's okay. Just check to make sure your passwords are all solid.
Add 5 words because the system doesn't count quotes as words
 

Dan

Admin
  • Thread Starter Thread Starter
  • #15