Have I been pwned?

  1. Compumind's Avatar
    Posts : 2,530
    Windows 10 Pro x64, Various Linux Builds, Networking, Storage, Cybersecurity Specialty.
       #11

    Jacee said:
    Using a different computer, that is known to be clean, change your passwords.
    I suggest running a deep AV scan with other tools to eradicate any potential nasties. - Use MBAM (free) and SAS (free - just for the heck of it.)
    If you do what @Jacee said without the scans you are just reopening the wound. Passwords must be changed, though when the system is certified clean.

    Also clear your entire Browser contents - everything - for each Browser that you have.

    You can use CCleaner (free) and select Custom Clean and it will do it for you.

    Last edited by Compumind; 4 Weeks Ago at 19:37.

  2. Callender's Avatar
    Posts : 2,900
    Windows 10 Home 1903 64-bit
       #12

    The OP has only visited h**ps://haveibeenpwned.com/ website and typed in their email to check results.

    It's a legit site.

    Results should show what type of data leak took place. Change passwords anyway. Take other appropriate action.

    Here's what it shows for one of my old accounts:

    [Attached image: have-i-been-pwned.jpg]


  3. Posts : 147
    Windows 10
       #13

    Also, be careful of where you're putting in personal information in the first place.
    Don't just believe your personal information is going to be locked up in a vault some place that will never get jarred open. That is a common fallacy. Your data is stored on a server somewhere. A server is simply a specialised version of a particular OS that in many cases is a computer just like any other. It's not a bomb proof vault. Anyone can run a server. But it takes a very skilled and talented team of highly qualified professionals to run and maintain a server that has millions and millions of users and interactions daily. This simple difference is often the difference between a website getting compromised or not.

    As a rule of thumb keep personal information that can be used to identify you to an absolute minimum and only unless absolutely required. That goes for any website. Decent exceptions are places like Amazon for example that have a very strong reputation for customer data protection. Others include Google as well. Although with these sites even though they are safe from attack that doesn't mean the very sites themselves won't use that data for their agendas.

    You should just be careful anyway, whether breached or not.

  4. Golden's Avatar
    Posts : 1,594
    Windows 10 Pro x64
       #14

    @nithig

    Use a decent 2FA/MFA application on your most valuable accounts (e.g. email account etc.) as an additional layer of security, once you have changed your password.

    Duo and Authy are possibly the most well known.

  5. Jacee's Avatar
    Posts : 906
    Win 10 home 1909 18363.900
       #15


  6. Posts : 126
    Win 10 OS Build 18363.720
    Thread Starter
       #16

    So many to thank .... please take it that I have read and digested your contribution.
    Since starting the OP I have discovered the following: -
    Zynga: In September 2019, game developer Zynga (the creator of Words with Friends) suffered a data breach. The incident exposed 173M unique email addresses alongside usernames and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by dehashed.com.
    Compromised data: Email addresses, Passwords, Phone numbers, Usernames





    Interestingly I have never been to this website.
    Amid 173m unique email addresses with usernames I don't feel so bad and nothing has phished me since Sept 2019
    I keep my browser (FFox) clean with CCleaner.

    It took a while to get there but now I am and am grateful to you all for the lessons learned.


    Now I will change passwords.



  7. Posts : 147
    Windows 10
       #17

    You'll be surprised how many websites will have your details.
    And I don't want to disappoint you but CCleaner won't protect you. CCleaner is a privacy tool. Privacy and security are two different things. Getting hacked is a security problem. Getting your data into the wrong hands through a breach is often a privacy problem. You can't wipe away the possibility of a site getting hacked with CCleaner. You can wipe your drive a million times and it still won't make a difference whether ABCwebsite.com (for example) has secured their server and patched known vulnerabilities, for example.

    You can do very little to protect websites from getting hacked, and this is what the main concern was if I'm correct. The website in question was created to announce breaches of websites where huge troves of data were stolen, i.e. the website got hacked. When you're referring to a website, a website is just a bunch of files (pages) hosted on a server somewhere. A website address is actually just an IP address disguised as something more user friendly and understandable to humans which is communicated to your computer through DNS resolution. In reality this website you are using now, Tenforums, is really just an IP address that relates to a server you are connected to. You connect to it, you make requests, the requests are either accepted or denied, the server offers resources depending on lots of things like permissions etc. You get what you want and you leave. When a website gets hacked a server gets hacked. A physical computer owned by somebody somewhere was broken into. You cannot control that.

    It's often a mysterious area of interest that most people often relate to idealistic fantasy. We mention the cloud for example. The cloud doesn't exist. There's no cloud. The cloud is the internet. The internet is simply a HUGE network of computers communicating to each other through a protocol they all recognise (TCP/IP). Nothing more. When you realize these things you can become more realistic in your approach to dealing with things. Things are no longer shrouded in obscurity and/or myth and you understand your responsibility compared to the responsibility of web admins.

    In this way, you can then be relieved of any duty you believe you have in 'protecting' things. You can only protect yourself. Leave the websites down to the admins. If they don't know the difference between chown and chmod then you've got a problem. If they haven't patched and updated their version of ssh or apache or cpanel or something that's their issue. It sucks your data then gets leaked but in terms of what you can do, you can do very little.

    Other than...
    Changing your passwords. Again, coming back to security it would depend on your threat model. If you're a chief exec who's had valuable information stolen that could compromise the company you look for then you're going to want to do a lot more than changing passwords. You might want to rethink your entire security posture and get some experts in to red team the infrastructure before the bad guys turn up and then hopefully fix the leaks. If you're just like the average guy, like me, like everyone else (probably) changing your passwords is more than enough. Again, your data could get leaked and it doesn't matter if your password is 10 characters or 50. If the passwords have been cracked and they were not hashed and salted then you've got a serious issue, i.e. stored in plain text. If they have then it becomes a harder process of cracking them but not impossible. Again, very little you can do.

    You'll be surprised to learn that most people's passwords are actually on word lists and ready instantly in dictionary/word list attacks. You can download word lists for yourself and you'll find that if you really went through lots of email addresses you'll find those words in the list unlock most email accounts WITHOUT hacking into a server and obtaining password dumps.

    It's one of those things where the chance of attack is always higher than the chance of defense. That's just how things have worked for a long time. And as a user, a customer etc you can't do much but sit back and put faith in the websites you visit and hope they store your data safely.
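Post #17's point that most people's passwords already sit on word lists can be checked defensively before a password is accepted. The following is an added example, not part of any post in this thread: it follows the hash-prefix range lookup used by Have I Been Pwned's Pwned Passwords service, with the network call replaced by a hypothetical offline stand-in (`offline_fetch_range`) over a constructed word list; all function names and the 12-character minimum are assumptions.

```python
import hashlib

# Constructed sample word list with made-up counts (not real breach data).
SAMPLE_WORDLIST = {"password": 1000, "qwerty123": 250, "letmein": 75}


def sha1_upper(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 password, the form used for range lookups."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(wordlist):
    """Server side: group 'SUFFIX:COUNT' lines under each 5-character hash prefix."""
    index = {}
    for word, count in wordlist.items():
        digest = sha1_upper(word)
        index.setdefault(digest[:5], []).append(f"{digest[5:]}:{count}")
    return index


_INDEX = build_range_index(SAMPLE_WORDLIST)


def offline_fetch_range(prefix: str) -> str:
    """Hypothetical stand-in for the HTTP request: returns a CRLF-separated body."""
    return "\r\n".join(_INDEX.get(prefix, []))


def parse_range_body(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines, skipping anything malformed."""
    results = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            results[suffix.upper()] = int(count)
    return results


def pwned_count(password: str, fetch_range=offline_fetch_range) -> int:
    """Only the first 5 hex characters of the hash are handed to fetch_range."""
    digest = sha1_upper(password)
    return parse_range_body(fetch_range(digest[:5])).get(digest[5:], 0)


def acceptable(password: str, min_length: int = 12) -> bool:
    """Reject short passwords and any password found in the word list."""
    return len(password) >= min_length and pwned_count(password) == 0
```

The password itself and its full hash stay on the local machine; the match against the returned suffixes is done client-side.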

  8. Porthos's Avatar
    Posts : 824
    Win 10
       #18

    nithig said:
    So many to thank .... please take it that I have read and digested your contribution.
    Since starting the OP I have discovered the following: -

    Interestingly I have never been to this website.
    Amid 173m unique email addresses with usernames I don't feel so bad and nothing has phished me since Sept 2019
    I keep my browser (FFox) clean with CCleaner.

    It took a while to get there but now I am and am grateful to you all for the lessons learned.


    Now I will change passwords.
    Do you have a Facebook account? Have you played any Facebook games?


  9. Posts : 126
    Win 10 OS Build 18363.720
    Thread Starter
       #19

    Hi Porthos,
    no, I don't belong to any social media at all.


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
