Giveaway of the Day Forums

1. 

   mikiem2
   Moderator

   troyhunt[.]com/the-773-million-record-collection-1-data-reach/

   neowin[.]net/news/773-million-e-mail-addresses-have-been-exposed-in-one-of-the-biggest-known-data-leaks-yet

   haveibeenpwned[.]com/

   Troy Hunt, who runs haveibeenpwned[.]com, was tipped off to 87GB (!) of data in a collection on MEGA. It was actively being discussed in forums etc., so this is out there & being used. The data, emails & passwords, originated from many different sites, so it's not the usual case of whatever site being breached, & if you didn't have an account there, you were safe. This data has been added to the database at haveibeenpwned[.]com, where you can enter an email address or password to see if there's a match in their records, which would mean it's been stolen & is available to bad guys.

   Posted 5 years ago #
2. 

   mikiem2
   Moderator

   An added warning not to reuse passwords, seems there's at least a slight uptick in using lists of stolen passwords [e.g. the lists in the 1st posts] with brute force attacks.

   zdnet[.]com/article/dailymotion-discloses-credential-stuffing-attack/

   Posted 5 years ago #
3. 

   Whiterabbit-uk
   Games Guru

   Thanks for posting. I checked my main gaming email and after scanning only several of the list I had five of them prior to their data breaches Adobe, Drop Box, DISQUS, Nexus and Dlh.net. I changed the passwords immediately.

   I have received some very alarming emails over the past three or four months, purporting to have observed me via my web cam and have been threatened with the person disclosing videos of myself watching porn. Some of the emails even appear to have been sent by my main email and they always include the password. I only ever connect my webcam if I'm talking to friends online, which since my wife's brain hemorrhage back in Oct 2017 have been never. Also, the password that they showed me was an old password that i changed several years ago. They have obviously picked up those details from hacked gaming site as I only used that email and password for gaming accounts.

   Just goes to show how anyone can become vulnerable if they have created lots of accounts online over the years. Thankfully, apart from not having my web cam attached since 2017, plus the old password and the fact that I don't need to watch pornography online was a clear sign to me when I first received an email that it was a scam. Sadly, some people would be conned by such a scam, especially if they were guilty of the things the hacker was suggesting and would more than likely pay up. They were asking for almost $900. I'm sure there was a movie covering the same scam fairly recently. I seem to remember watching it last year, where a teenager was watching porn on his bedroom computer etc etc...... He was then blackmailed by an online hacker who had gained access to his computer and had videoed him.

   I just ignored all the emails I've received; but as a precaution, I have changed all my email and main game accounts passwords and even made a 30 letter/number password to access my computer. I also intend to change them on a fairly regular basis. I've not decided how often yet, but it is better to take the extra precautions just in case.

   I was chatting to my cousin several weeks ago and mentioned it to him and he told me he'd had the same threats.

   Posted 5 years ago #
4. 

   mikiem2
   Moderator

   It's not a matter of however many isolated hackers anymore, but rather a full fledged industry, in some cases one of the major industries in a given country by revenues. You have kids [teens] who get into it making hundreds or even thousands of dollars/pounds a week, because it's easy money & they don't know any better. You have people who have a very hard time making enough to live on otherwise, getting into cybercrime almost as a necessity -- they just live in countries without much if any job opportunities they could take advantage of. You have big crime organizations, including the classic definition of the mob, which might spend millions on infrastructure it's so lucrative. You have government sponsored groups or organizations, which might go the cybercrime route to finance their activities, e.g. allegedly N. Korea, along with intelligence agencies that spy on the US & UK, which BTW actively recruit highly trained personnel from America's NSA & Britain's equivalent.

   There really is no 100% guaranteed way to stay safe. One thing that makes it tolerable is that your banks try to hide it when they get hit, absorbing [& passing on] the costs rather than risking any loss of confidence. And being a defacto industry, the people in it span all skill levels, with the best of the best going after prequalified targets rather than you or I. Those behind the scams you've received probably target millions of people, since it barely costs them any more money to target millions vs. dozens. They may not have a high success rate, but even a smallish percentage of people who pay can still bring them millions of dollars/pounds.

   One thing that **might** help is using a different email service. I've had email accounts with Very high rates of spam, & once I stopped using them, after a while that stopped, and I could start actively using them again -- of course by that time the accounts I had been using were starting to get bad. Those email accounts that had become a problem weren't involved in hacks that I'm aware of, so I assume a high percentage of sites either aren't aware or don't publish that they've been hacked, or else they're selling my email address. I actually lean towards the 2nd... I set up an email address just for higher risk stuff, never using it for what I considered important, like Amazon or bank accounts or purchases. It's the address I use to register GOTD apps. And it gets the least amount of spam & scams compared to my other accounts! It's used with many more small companies, which would be the most prone to both getting hacked & not knowing that they were hacked, so I would think that if that was how my email addresses were getting spread among hackers & spammers, that throwaway account would have much more, not less junk emails.

   "I have changed all my email and main game accounts passwords and even made a 30 letter/number password to access my computer. I also intend to change them on a fairly regular basis. I've not decided how often yet, but it is better to take the extra precautions just in case."

   Great Idea! A very common saying is that criminals only have to get it right every once in a while to be successful -- we OTOH have to get it right Every-Single-Time or we lose. It's the extra precautions that can often make or break our success.

   Posted 5 years ago #

RSS feed for this topic

Reply

You must log in to post.