Author Topic: Possible Data Breach Warning  (Read 32606 times)

Offline Bryanpoprobson

  • Jupiter
  • ***
  • Posts: 831
  • Another Clown
Possible Data Breach Warning
« on: April 01, 2021, 07:58:52 AM »
Just had this come up as a warning... Is anyone aware of this on here?


Bryanpoprobson
••••••••••
Found in data breach
Just now
"Wise men speak because they have something to say!" "Fools speak, because they have to say something!" (Plato)

Offline Zakalwe

  • Uranus
  • ****
  • Posts: 1607
Re: Possible Data Breach Warning
« Reply #1 on: April 01, 2021, 10:18:19 AM »
Are you using Chrome?
"The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.' " - Isaac Asimov

Offline Bryanpoprobson

  • Jupiter
  • ***
  • Posts: 831
  • Another Clown
Re: Possible Data Breach Warning
« Reply #2 on: April 01, 2021, 04:24:03 PM »
Occasionally..
"Wise men speak because they have something to say!" "Fools speak, because they have to say something!" (Plato)

Offline bknight

  • Neptune
  • ****
  • Posts: 3175
Re: Possible Data Breach Warning
« Reply #3 on: April 02, 2021, 08:32:34 PM »
Are you using Chrome?
Never.
A colleague and I spent the better part of three days uninstalling Chrome, so that the infected computer could do emails again.  I have been very careful to watch those add-ons when installing other software that carries Chrome with it.
Truth needs no defense.  Nobody can take those footsteps I made on the surface of the moon away from me.
Eugene Cernan

Offline Zakalwe

  • Uranus
  • ****
  • Posts: 1607
Re: Possible Data Breach Warning
« Reply #4 on: April 03, 2021, 07:02:57 AM »
Occasionally..

It now tells you if your username and passwords have been breached. The warning it displays sounds like the one that you received.

Are you using Chrome?
Never.
A colleague and I spent the better part of three days uninstalling Chrome, so that the infected computer could do emails again.  I have been very careful to watch those add-ons when installing other software that carries Chrome with it.

Sounds like he knew exactly what he was doing if it took 3 days to install a browser....
"The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.' " - Isaac Asimov

Offline Bryanpoprobson

  • Jupiter
  • ***
  • Posts: 831
  • Another Clown
Re: Possible Data Breach Warning
« Reply #5 on: April 04, 2021, 02:04:53 AM »
It was referring to this site, this was my concern.
"Wise men speak because they have something to say!" "Fools speak, because they have to say something!" (Plato)

Offline bknight

  • Neptune
  • ****
  • Posts: 3175
Re: Possible Data Breach Warning
« Reply #6 on: April 04, 2021, 05:35:22 PM »
Occasionally..

It now tells you if your username and passwords have been breached. The warning it displays sounds like the one that you received.

Are you using Chrome?
Never.
A colleague and I spent the better part of three days uninstalling Chrome, so that the infected computer could do emails again.  I have been very careful to watch those add-ons when installing other software that carries Chrome with it.

Sounds like he knew exactly what he was doing if it took 3 days to install a browser....
We were uninstalling, as it takes maybe 2 minutes to install, but uninstalling finding all the links and files that point to Chrome was a bother.
Truth needs no defense.  Nobody can take those footsteps I made on the surface of the moon away from me.
Eugene Cernan

Offline LunarOrbit

  • Administrator
  • Saturn
  • *****
  • Posts: 1071
    • ApolloHoax.net
Re: Possible Data Breach Warning
« Reply #7 on: April 22, 2021, 07:38:00 PM »
Just had this come up as a warning... Is anyone aware of this on here?

I haven't encountered that error before. So it was Chrome warning you, or the forum?

The forum stores your password encrypted, so any breach of the forum database would not reveal your password. But I'd recommend changing your password just to be safe.

On my end, I have just installed a "fresh" copy of the forum software to make sure there aren't any security issues with it, and I also removed the Tapatalk extension (it's possible they had a security breach on their end that might affect anyone that uses the app to access the forum).
« Last Edit: April 22, 2021, 07:42:08 PM by LunarOrbit »
It suddenly struck me that that tiny pea, pretty and blue, was the Earth.
I put up my thumb and shut one eye, and my thumb blotted out the planet Earth.
I didn't feel like a giant. I felt very, very small.
- Neil Armstrong (1930-2012)

Offline grmcdorman

  • Earth
  • ***
  • Posts: 151
Re: Possible Data Breach Warning
« Reply #8 on: April 23, 2021, 08:21:59 AM »
LO: Password stored encrypted or hashed? Encrypted is reversible, hashed is (in theory) not. I would hope the latter; most modern systems use hashes.

(Hashes can also be subject to attacks, depending on the hash algorithm and the way it is used, BTW; again, a modern implementation will use best practices to make that hard).

Offline LunarOrbit

  • Administrator
  • Saturn
  • *****
  • Posts: 1071
    • ApolloHoax.net
Re: Possible Data Breach Warning
« Reply #9 on: April 23, 2021, 08:23:48 PM »
LO: Password stored encrypted or hashed?

They are hashed.
It suddenly struck me that that tiny pea, pretty and blue, was the Earth.
I put up my thumb and shut one eye, and my thumb blotted out the planet Earth.
I didn't feel like a giant. I felt very, very small.
- Neil Armstrong (1930-2012)

Offline grmcdorman

  • Earth
  • ***
  • Posts: 151
Re: Possible Data Breach Warning
« Reply #10 on: April 24, 2021, 12:28:22 PM »
That's what I thought; of course as a software developer (with an interest in security) I like to use the technically correct terms. Thanks.

Offline JayUtah

  • Neptune
  • ****
  • Posts: 3845
    • Clavius
Re: Possible Data Breach Warning
« Reply #11 on: April 26, 2021, 10:23:59 AM »
The problem with hashes is that you still need long and/or interesting passwords, and not to reuse them at other sites.  For all the major hash algorithms, there already exist lists of precomputed hashes from combinations of all the keyboard characters.  As of about five years ago, the list was up to all combinations of six or fewer characters.  So if your password is shorter than six characters, and someone obtains the password file/table for a site, the password that generated the stored hash is effectively in the clear and can be used to exploit other resources a hacker might be able to associate with your identity.  For example, my password here is not the same as my password at other forums.  So while someone might be able to crack the hash here and obtain my password here in plain text, it would be useless at other forums where I also use the name JayUtah.
"Facts are stubborn things." --John Adams

Offline LunarOrbit

  • Administrator
  • Saturn
  • *****
  • Posts: 1071
    • ApolloHoax.net
Re: Possible Data Breach Warning
« Reply #12 on: April 26, 2021, 10:46:17 AM »
That's what I thought; of course as a software developer (with an interest in security) I like to use the technically correct terms. Thanks.

Yeah, using "encrypted" interchangeably with "hashed" is a bad habit of mine that I need to break. But I think most people don't know what "hashed" means and if you explain it to them they will just say "Oh, so you mean they are encrypted?".

The problem with hashes is that you still need long and/or interesting passwords, and not to reuse them at other sites.

That was my concern with having Tapatalk connected to the forum. I can do what I can to ensure the forum software is secure, but once a third party gets involved in how people use the forum it is no longer 100% in my hands. I don't know for sure that Tapatalk is a problem since they haven't announced a security breach, but by removing it's access to the forum I'm removing it as a potential security hole.

The only other 3rd party add-on I've installed for the forum is one that adds a bbcode for embedding YouTube videos into the editor. Theoretically it could be logging people's passwords or something, but I doubt it.
It suddenly struck me that that tiny pea, pretty and blue, was the Earth.
I put up my thumb and shut one eye, and my thumb blotted out the planet Earth.
I didn't feel like a giant. I felt very, very small.
- Neil Armstrong (1930-2012)

Offline grmcdorman

  • Earth
  • ***
  • Posts: 151
Re: Possible Data Breach Warning
« Reply #13 on: April 27, 2021, 08:34:10 AM »
@Jay: As I'm absolutely sure you know, that's what salts are supposed to be for; they should make every instance of the same password different (and make precomputed hashes pointless). Any credential hashing that isn't also using a salt is, from a security standpoint wrong.

So how do these precomputed tables work? (I vaguely recall rainbow tables from when I watched some online courses on security; is that what they are?)


Offline JayUtah

  • Neptune
  • ****
  • Posts: 3845
    • Clavius
Re: Possible Data Breach Warning
« Reply #14 on: April 27, 2021, 10:23:38 AM »
Right, the tables would only work if the passwords aren't salted, which (I'm told) still isn't universal practice.  And how they work is very straightforward.  You have a list of hashes -- say MD5 or SHA256 -- ordered or indexed for fast search, and the corresponding plaintext that they were generated from.
"Facts are stubborn things." --John Adams