Use the “passwords” feature to check if one of yours is compromised. If it shows up, never ever reuse those credentials. They’ll be baked into thousands of botnets etc. and be forevermore part of automated break-in attempts until one randomly succeeds.
You must log in or register to comment.
Protip for the room: Use a password manager with a unique password for every service. Then when one leaks, it only affects that singular service, not large swaths of your digital life.
And an email alias.
I hate how many places don’t allow for + aliases. I want to know who leaked my email.
At the same time, it is trivially easy to strip a + alias, so I’d not trust it to do anything much at all.
If you use aliases for all services, it makes it slightly harder to automate trying one leaked email on another site, since the hacker needs to add the new alias on the other service.
No one is going through of all these credentials manually, so any extra obscurity can actually bring you security in a pinch. Although if you have different passwords this shouldn’t matter much…
No, you just run a simple Regex on both combolists and are done. It literally takes seconds
No + required. There are hundreds of companies offering aliases using their shared domain. You can also just generate a temporary email address if you don’t require any ongoing communication and the account is not super important.
Even if your alias is leaked they can remove the + part and it’ll lead to your original email without aliases. They probably do some data formatting on emails to no get caught so easily and obviously.
+aliases are convenience aliases only. They are often stripped from ID datasets. Better to use a real alias.
Don’t forget unique email addresses. I’ve had two spam emails in the last 6 months, I could trace them to exactly which company I gave that email address to (one data breach, one I’m pretty sure was the company selling my data). I can block those addresses and move on with my life.
My old email address from before I started doing this still receives 10+ spam emails a day.
I’ve started using {emailaddress}+{sitename}@gmail.com i.e. myemail+xyzCompany@gmail.com
That way I can at least see who sold my info. I wish I would have started doing this long ago though. Some sites dont let you use the plus symbol even though it’s valid though
This trick is common enough and trivial to reverse engineer. I can just purge my billion-email-address hacked list of all characters between a + and an @ and have a clean list that untraceable with your system.
For me, if this happens, it has no impact since almost every page i sign up to has a unique password. The most important ones has mfa as well.
Use a password manager. Simple.
Right answer. In fact, the only viable answer.
The thing about this one is no one seems sure of the source (it appears to be from multiple sources, including infostealer malware and phishing attacks), so you don’t know which passwords to change. To be safe you’d have to do all of them.
Some password managers (e.g. Bitwarden) offer an automatic check for whether your actual passwords have been seen in these hack databases, which is a bit more practical than changing hundreds of passwords just in case.
And of course don’t reuse passwords. If you have access to an email masking service you can not only use a different password for every site, but also a different email address. Then hackers can’t even easily connect that it’s your account on different sites.
God fucking dammit, I fucking hate seeing people self-censor themselves on the internet.
Why did you censor yourself in the title?
Probably because they primarily live in a censorship world, be it digital or in-person, and change is difficult for most people.
They’ll censor “fucking”, but still use the Lord’s name in vain. smh.
No one gave you the memo?
You’re allowed to swear on the internet as long as you’re not one of the weird instances.
Let’s make a master list of all the emails leaked with their passwords, what could go wrong?
That’s not how it works
This is why my password is hunter2, no one can see what is says under the asterix,
for anyone who doesn’t get the reference, it’s an ancient Bash chatlog: https://knowyourmeme.com/memes/hunter2
