The 773 Million Record Collection #1 Data Breach

    Troy Hunt: The 773 Million Record "Collection #1" Data Breach. 17 January 2019

    Last Updated: 17 Jan 2019 at 22:07

    Many people will land on this page after learning that their email address has appeared in a data breach I've called "Collection #1". Most of them won't have a tech background or be familiar with the concept of credential stuffing so I'm going to write this post for the masses and link out to more detailed material for those who want to go deeper.

    Source: Troy Hunt; The 773 Million Record "Collection #1" Data Breach

    Posted By: Anak
    17 Jan 2019


  1. Posts : 1,800
    10 Home 64-bit | v22H2 | Build - 19045.3930
       #1

    Wow, over 600 views and no one has any thoughts about this?

    Back at the end of 2013 when Troy Hunt started Have I Been Pwned? (HIBP?) I looked up my main email addy and yep, it came up as having been harvested on two sites that eventually became obsolete for me. I did take the usual remediation such as changing some user names and all passwords, and added two-step verification where applicable. I didn't have any problems with my email except for a slight increase in spam that has since dwindled to about three per month.
    I said some usernames. I didn't want the hassle of changing my main email addy mainly because of all the updates to my contacts, but I did strengthen its password. (I know, I know).

    Over the years since then my internet usage was pretty boring until the other day when I received an email from Troy's HIBP? site informing me that I was listed again somewhere deep within the bowels of the 773 million record and the two original obsolete sites were listed again.

    My thoughts:
    • Since HIBP? has the record of my old addy (and that's how I got HIBP?'s notice about the 773), does that mean the 773 record is redoing the list from the two obsolete sites? I believe the only way to tell is to check my other email addys, right?
    • What are anyone's thoughts on staying signed in to or out of a site? Some I do stay in like here at TenForums, but other more sensitive sites I always sign out. I believe that even though you're signed out a black hat has your addy and just needs to crack your password.
    • If signed-in does the web site know an intrusion is being made based on a different unique computer ID being used by a hacker?


  2. Posts : 12,801
    Windows 11 Pro
       #2

    I saw the post when you posted it and read Troy's blog about it. I'm unsure of what to say except more of the same. After the Equifax breach I'm not sure there is anyone in the US whose personal info is not all over the net. I try to change passwords fairly often with the 'important' ones. I have some I'm not too worried about, but probably should be. I just have too many to keep up with. My email was compromised way back when the Linux Mint forum was breached several years ago.

    I would guess it depends on the site security. I have wondered if you stay signed in it should raise some red flags somewhere if someone tries to sign in again from a different computer. Especially the financial sites. I don't know if that is true but it seems it should be.

    BTW, I am on the Collection #1 list as well as a couple of others.


  3. Posts : 26
    win10 64x home retail
       #3

    Well, it's not a new breach but an old one that resurfaced again, two or three years old; I read this somewhere.
    For me, two years ago I began to use LastPass with 2FA if possible.


  4. Posts : 1,481
    W10 22H2 19045.3031
       #4

    I had an email address for 10+ yrs. All of a sudden, I started getting 40+ spam emails per day and eventually went to my ISP and cancelled that address. Just checked it on Pwned and it is not there.


  5. Posts : 27,183
    Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #5

    If your email address pops up on haveibeenpwned, there is a separate site to check passwords separately: Have I Been Pwned: Pwned Passwords

    Troy Hunt: Introducing 306 Million Freely Downloadable Pwned Passwords


  6. Posts : 1,560
    Windows 10 Home 20H2 64-bit
       #6

    These are sites that have been breached with the associated e-mail, correct? I mean, my e-mail has a main password, but I assume this means different sites that have been breached, and that the linked mail address/password for that site has been compromised and pasted/collected? I never use the same password on any site.


  7. Posts : 27,183
    Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #7

    Faith said:
    These are sites that have been breached with the associated e-mail, correct? I mean, my e-mail has a main password, but I assume this means different sites that have been breached, and that the linked mail address/password for that site has been compromised and pasted/collected? I never use the same password on any site.
    Some of these email accounts in this breach have old passwords (if you change them every once in a while like I do).
    My Gmail was pwned, but my current password is good.

    This is Troy Hunt, the owner of HIBP,



  8. Posts : 1,560
    Windows 10 Home 20H2 64-bit
       #8

    I want to know how these passwords have been collected. Have Google and Microsoft leaked my main password? If my mail address is on the list it means it's been compromised via another site, right? Then my question is, do they collect different passwords on the breached/leaked sites on the same associated mail address?


  9. Posts : 27,183
    Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #9

    Faith said:
    I want to know how these passwords have been collected. Have Google and Microsoft leaked my main password? If my mail address is on the list it means it's been compromised via another site, right? Then my question is, do they collect different passwords on the breached/leaked sites on the same associated mail address?
    The servers get breached on the sites you use, and then the same email and password (if cracked, or if, God forbid, the site left them in the open instead of hashing them with SHA256 (or higher)) is tested on other popular sites.

    Always create a different password when joining a new site, never use your email account's password.
    Most sites like Ten Forums just need the email address to validate you wanted to join, and the password you created for here is to make sure only you have access to your account here.
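
    An added example, not part of the thread and not HIBP's own code: a sign-up or password-change check against a downloaded Pwned Passwords-style SHA-1 list, which is the site-side defence against the reuse testing described in posts #5 and #9. The `HASH` / `HASH:COUNT` line format, the sample entries, the counts and the function names are assumptions made for this sketch.

```python
import hashlib

HEX = set("0123456789ABCDEF")

def sha1_hex(password: str) -> str:
    """Upper-case SHA-1 hex digest, the form used as the lookup key here."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def load_hash_list(lines):
    """Parse 'HASH' or 'HASH:COUNT' lines into {hash: times_seen}."""
    table = {}
    for raw in lines:
        digest, _, count = raw.strip().partition(":")
        digest = digest.upper()
        if len(digest) != 40 or not set(digest) <= HEX:
            continue  # skip blank or malformed lines instead of failing
        table[digest] = int(count) if count.isdecimal() else 1
    return table

def breach_count(password: str, table: dict) -> int:
    """How many times the list has seen this password (0 = not listed)."""
    return table.get(sha1_hex(password), 0)

def review_password(password: str, table: dict) -> str:
    """Hypothetical sign-up policy: refuse any password on the list."""
    seen = breach_count(password, table)
    if seen:
        return f"rejected: seen {seen} time(s) in breach data"
    return "accepted"

# Constructed sample list: hashes are computed here, counts are made up.
SAMPLE_LINES = [
    f"{sha1_hex('password123')}:4210",
    sha1_hex("letmein").lower() + "\n",   # no count, lower case, newline
    "",                                    # blank line
    "not-a-hash:7",                        # malformed entry
]
TABLE = load_hash_list(SAMPLE_LINES)

if __name__ == "__main__":
    for candidate in ("password123", "letmein", "T4ble-lamp-orbit-92"):
        print(candidate, "->", review_password(candidate, TABLE))
```

    SHA-1 appears here only as the lookup key matching the list's format, not as a way for a site to store its own users' passwords.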


 
