The 773 Million Record Collection #1 Data Breach

Page 1 of 5 123 ... LastLast
  1. Anak's Avatar
    Posts : 513
    10 Home Premium 64-bit | v1803 | Build -17134.523
       4 Weeks Ago #1

    The 773 Million Record Collection #1 Data Breach


    Many people will land on this page after learning that their email address has appeared in a data breach I've called "Collection #1". Most of them won't have a tech background or be familiar with the concept of credential stuffing so I'm going to write this post for the masses and link out to more detailed material for those who want to go deeper.

    Source: Troy Hunt; The 773 Million Record "Collection #1" Data Breach

    Related Search: The 773 Million Record "Collection #1" Data Breach (DuckDuckGo)
    Last edited by Brink; 4 Weeks Ago at 22:07.
      My ComputersSystem Spec

  2. Anak's Avatar
    Posts : 513
    10 Home Premium 64-bit | v1803 | Build -17134.523
       4 Weeks Ago #1

    Wow, over 600 views and no one has any thoughts about this?

    Back at the end of 2013 when Troy Hunt started Have I Been Pwned? (HIBP?) I looked up my main email addy and yep, it came up as having been harvested on two sites that eventually became obsolete for me. I did take the usual remediation such as changing some user names, all passwords and added two-step verification where applicable, I didn't have any problems with my email except for a slight increase in spam that has since dwindled to about three per month.
    I said some usernames. I didn't want the hassle of changing my main email addy mainly because of all the updates to my contacts, but I did strengthen its password. (I know, I know).

    Over the years since then my internet usage was pretty boring until the other day when I received an email from Troy's HIBP? site informing me that I was listed again somewhere deep within the bowels of the 773 million record and the two original obsolete sites were listed again.

    My thoughts:
    • Since HIBP? has the record of my old addy (and that's how I got HIBP?'s notice about the 773) Does that mean the 773 record is redoing the list from the two obsolete sites? I believe the only way to tell is to check my other email addy's; Right?
    • What are anyone's thoughts on staying signed-in or out to/for a site? Some I do stay in like here at TenForums, but other more sensitive sites I always sign-out. I believe that even though your signed-out a black hat has your addy and just needs to crack your password.
    • If signed-in does the web site know an intrusion is being made based on a different unique computer ID being used by a hacker?
      My ComputersSystem Spec

  3. essenbe's Avatar
    Posts : 11,733
    Windows 10 Pro and Windows 10 Pro Insider
       4 Weeks Ago #2

    I saw the post when you posted it and read Troy's blog about it. I'm unsure of what to say except more of the same. After the Equafax breach I'm not sure there is anyone in the US whose personal info is not all over the net. I try to change passwords fairly often with the 'important' ones. I have some I'm not too worried about, but probably should be. I just have too many to keep up with. My email was compromised way back when the Linux Mint forum was breached several years ago.

    I would guess it depends on the site security. I have wondered if you stay signed in it should raise some red flags somewhere if someone tries to sign in again from a different computer. Especially the financial sites. I don't know if that is true but it seems it should be.

    BTW, I am on the Collection #1 list as well as a couple of others.
      My ComputersSystem Spec


  4. Posts : 18
    win10 64x home retail
       4 Weeks Ago #3

    Well, its not a new breach but an old one,, who resurfaced again, two or three years old, read this somewhere..
    For me, two years ago i begon the use of Lastpass with 2fa if possible.
      My ComputerSystem Spec

  5.    4 Weeks Ago #4

    I had an email address for 10+ yrs. All of a sudden, I started getting 40+ spam emails per day and eventually went to my ISP and cancelled that address. Just checked it on Pwned and it is not there.
      My ComputerSystem Spec

  6. Cliff S's Avatar
    Posts : 23,178
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       4 Weeks Ago #5

    If your Email address pops up on haveibeenpwned there is a separate site to check passwords separately Have I Been Pwned: Pwned Passwords

    Troy Hunt: Introducing 306 Million Freely Downloadable Pwned Passwords
      My ComputersSystem Spec

  7. Faith's Avatar
    Posts : 690
    Windows 10 Home October 2018 Update 64-bit
       4 Weeks Ago #6

    These are sites that has been breached with the associated e-mail, correct? I mean, my E-mail have main password, but I assume this means different sites that has been breached, and that the linked mail address/password for that site has been compromised and pasted/collected? I never use the same password on any site.
      My ComputerSystem Spec

  8. Cliff S's Avatar
    Posts : 23,178
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       4 Weeks Ago #7

    Faith said: View Post
    These are sites that has been breached with the associated e-mail, correct? I mean, my E-mail have main password, but I assume this means different sites that has been breached, and that the linked mail address/password for that site has been compromised and pasted/collected? I never use the same password on any site.
    Some of these email accounts in this breach have old passwords(if you change them every once and a while like I do)
    My gmail was pawnd, but my current password is good.

    This is Troy Hunt, the owner of HIBP,

      My ComputersSystem Spec

  9. Faith's Avatar
    Posts : 690
    Windows 10 Home October 2018 Update 64-bit
       4 Weeks Ago #8

    I want to know how these passwords have been collected. Have Google and Microsoft leaked my main password? If my mail address is on the list it means it's been compromised via another site, right? Then my question is, do they collect different passwords on the breached/leaked sites on the same associated mail address?
      My ComputerSystem Spec

  10. Cliff S's Avatar
    Posts : 23,178
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       4 Weeks Ago #9

    Faith said: View Post
    I want to know how these passwords have been collected. Have Google and Microsoft leaked my main password? If my mail address is on the list it means it's been compromised via another site, right? Then my question is, do they collect different passwords on the breached/leaked sites on the same associated mail address?
    The servers get breached on the sites you use, and then the same email and password(if cracked, or if god forbid the site left them in the open instead of hashing them with SHA256(or higher), is tested on other popular sites.

    Always create a different password when joining a new site, never use your email accounts password.
    Most sites like Ten Forums just need the email address to validate you wanted to join, and the password yoou created for here, is to make sure only you have access to your account here,
      My ComputersSystem Spec


 
Page 1 of 5 123 ... LastLast

Related Threads
Hello how can I delete "saved password" and "form data" of microsoft edge manually ?! after too much search in google .... I trid to delete some value of the following registry address HKEY_CURRENT_USER\SOFTWARE\Classes\Local...
i have been fumbeling around with the microsoft game bar "record that" feature for a bout 3 months now and i hate how limited the button options are, one being that it even in the custom button options revolve around the windows key and i dont want...
Is it possible to change "Open" and "Save As" windows view to "List" instead of "Details" globally without having to set List view in File Explorer? I would like to use Details view in File Explorer and List view for "Open" and "Save As" windows. ...
After i installed windows 10 on my Asus N53SV, the keyboard doesnt work properly. I look on the internet for help, but it looks like im the only one. I tried uninstall and reinstall almost everything i know. From keyboard driver, touchpad, etc....
I am trying to re-install a Windows Store app (AccuWeather) after rebuilding my Windows 10 Mobile on a Lumia 950XL. The app appeared to download correctly in the Store installation queue, but the install appears to be stuck in the "Restoring user...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 14:47.
Find Us