If you’re signed up for one of the many services that alerts you to data breaches when they’re discovered (if you’re not, you probably should be) then you likely have an email waiting for you. Troy Hunt runs Have I Been Pwned where he makes it his business to dig up these files as they’re being passed around by hackers, and has alerted the world to “Collection #1,” which claims to combine usernames and passwords from thousands of databases.
That includes some where the password data may have been stored encrypted, so if someone has managed to crack open a site where you had an account registered, it’s likely they have your info and know what password you were using. If you’ve logged into a customer support portal or some random forum with your email address and used the same password you use for your main email account, Netflix, Facebook or other accounts, then it could be trivially easy for someone to have that and use it to log in as you. [Source: https://www.engadget.com/2019/01/16/772-million-collection-1-breach-hibp/ ]
Personal story:
About four years ago 000webhost was hacked. Unfortunately I had an account with them; an account which had become dormant. The hackers got my email and password. Too bad for me that was the same password I used for Paypal. They logged into my Paypal and sent payment to some iPhone repair shop in Asia. It all ended well however as Paypal reversed the payment after I raised a dispute. That’s when I started using password managers (LastPass, then BitWarden).
The lesson here is close accounts on sites you don’t use anymore and use different passwords for everything. https://haveibeenpwned.com reports I have been pwned on 3 different sites (000webhost , Daniweb, Disqus).
Mimi siku hizi if a service has a sign up with Google or Github I use that instead of creating an account.
My emails, paypal, bank, web hosts, amazon are all different and unique and not similar to anything at all. for the other minor services i have a bunch of unique 6 passwords that I use for all of them. Breaching one will not breach my email. Bank and Paypal email are not used elsewhere
Depends on how you want me to be, huyo troy hunt ananisaidia aje in life? Dont ever call me names kama you cant argue like a grown up save your bundles, umepitia kisu juzi ata haijakauka and your here thinking you are the sharpest mind ever brare!!
People will receive notifications or browse to the site and find themselves there and it will be one more little reminder about how our personal data is misused. If - like me - you’re in that list, people who are intent on breaking into your online accounts are circulating it between themselves and looking to take advantage of any shortcuts you may be taking with your online security. My hope is that for many, this will be the prompt they need to make an important change to their online security posture. And if you find yourself in this data and don’t feel there’s any value in knowing about it, ignore it. For everyone else, let’s move on and establish the risk this presents then talk about fixes.
and im not refuting anything thats why i used the word maybe, the same way people joined FACEBOOK and in turn the company sold their data to third parties without consent, saying this is a white hut “respected” blahblah what is binding you and him not to sell your data to third parties?
and if thats not enough they even check your inboxes and sell them to netflix and the likes
online security is hard to maintain it at 100% there is always a smarter person than you somewhere, i have been breached before i was sent a malware that steals bitcoins whenever i send them out, my antivirus didnt “capture” it, there are some silent devils called vnc can be sent to your machine and the person can use it simultaneously with you without ever finding out, plus he can see your screen and key-logs, security and online can never be but into one sentence if you want to be safe stay offline
is he mwi? is he god? is he you? ni mwizi tu kama wengine.There’s a valid point there of posting your email address on a site and they pull a 360 on you
Technology just like science people deal with facts and not made up claims. You just don’t believe in something just because someone claimed it. If there are no facts to back it up then it’s bullshit.
Every news article in the world dealing with this story is recommending haveIbeenpawned. Every security guide recommends this site. Mozilla uses their API’s for their own similar service. Cloudflare provides free hosting and other tech service to the site for free. All these people and companies trust this site and never had issues with it nor seen anything fishy with it. lakini juu mtu ktalk amesema MAYBE they sell your email unakubali naye without him providing proof. There are lots of free services offered by people with good intentions. Almost every site uses JavaScript which depends on Eslint which is free and maintained by Nicholas Zakas, so is Eslint malicious? How about Linux kernel which powers most servers and devices, the code is provided for free by companies like those under Linaro and individuals contribute code and give financial aid, so is linux malicious? Your Android phone runs on linux… Can go on and mention more like Apache and others. The point is some people provide services for free because they want a better secure world for others. Just because you did not take your time to understand the service does not mean that you should spread rumours about it.Go read the site FAQ, if you still doubt the site after that then thats your problem.
Troy is a manager at Microsoft. The site is a side project he works on for fun