
you have been pwned

Spark

Global Moderator
https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/

Let's start with the raw numbers because that's the headline, then I'll drill down into where it's from and what it's composed of. Collection #1 is a set of email addresses and passwords totalling 2,692,818,238 rows. It's made up of many different individual data breaches from literally thousands of different sources. (And yes, fellow techies, that's a sizeable amount more than a 32-bit integer can hold.)

In total, there are 1,160,253,228 unique combinations of email addresses and passwords. This is when treating the password as case sensitive but the email address as not case sensitive. This also includes some junk because hackers being hackers, they don't always neatly format their data dumps into an easily consumable fashion. (I found a combination of different delimiter types including colons, semicolons, spaces and indeed a combination of different file types such as delimited text files, files containing SQL statements and other compressed archives.)

The unique email addresses totalled 772,904,991. This is the headline you're seeing as this is the volume of data that has now been loaded into Have I Been Pwned (HIBP). It's after as much clean-up as I could reasonably do and per the previous paragraph, the source data was presented in a variety of different formats and levels of "cleanliness". This number makes it the single largest breach ever to be loaded into HIBP.

There are 21,222,975 unique passwords. As with the email addresses, this was after implementing a bunch of rules to do as much clean-up as I could including stripping out passwords that were still in hashed form, ignoring strings that contained control characters and those that were obviously fragments of SQL statements. Regardless of best efforts, the end result is not perfect nor does it need to be. It'll be 99.x% perfect though and that x% has very little bearing on the practical use of this data. And yes, they're all now in Pwned Passwords, more on that soon.
welp

https://haveibeenpwned.com/
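The clean-up rules the quoted post describes (email treated case-insensitively, password case-sensitively, a mix of colon, semicolon and space delimiters, and rows that are still hashes, contain control characters or are SQL fragments thrown away) are what turn 2.69 billion raw rows into the smaller unique counts. The Python below is an example added here, not Troy Hunt's or HIBP's code; the filter patterns and the sample dump lines are constructed for illustration.

```python
import re
HEX_HASH = re.compile(r"[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64}")  # assumed rule: MD5/SHA-1/SHA-256 hex digests
BCRYPT = re.compile(r"\$2[aby]?\$\d{2}\$")                                   # assumed rule: bcrypt modular-crypt prefix
CONTROL = re.compile(r"[\x00-\x1f\x7f]")
SQL_FRAGMENT = re.compile(r"\b(insert\s+into|values\s*\(|select\s+.+\s+from)", re.I)
DELIM = re.compile(r"[:; ]")  # the three delimiter types the post mentions

def parse_row(line):
    """Return (normalised_email, password) for one dump line, or None if the row is junk."""
    line = line.rstrip("\r\n")
    if CONTROL.search(line) or SQL_FRAGMENT.search(line):
        return None
    parts = DELIM.split(line, maxsplit=1)  # first delimiter only: passwords may contain ':' or ' '
    if len(parts) != 2:
        return None
    email, password = parts[0].strip().lower(), parts[1]  # email case-insensitive, password case-sensitive
    if "@" not in email or not password:
        return None
    if HEX_HASH.fullmatch(password) or BCRYPT.match(password):
        return None  # still hashed, not a plaintext credential
    return email, password

def summarise(lines):
    """Compute the headline figures: raw rows, unique pairs, unique emails, unique passwords."""
    pairs, emails, passwords, rows = set(), set(), set(), 0
    for line in lines:
        rows += 1
        parsed = parse_row(line)
        if parsed is None:
            continue
        pairs.add(parsed)
        emails.add(parsed[0])
        passwords.add(parsed[1])
    return {"rows": rows, "unique_pairs": len(pairs),
            "unique_emails": len(emails), "unique_passwords": len(passwords)}

# Constructed sample dump (not real breach data) exercising each clean-up rule.
SAMPLE_DUMP = [
    "Alice@Example.com:hunter2",
    "alice@example.com:hunter2",                           # same pair once the email is lower-cased
    "alice@example.com:Hunter2",                           # password case differs: a distinct pair
    "bob@example.com;letmein",                             # semicolon delimiter
    "carol@example.com s3cret pass",                       # space delimiter; password contains a space
    "dave@example.com:5f4dcc3b5aa765d61d8327deb882cf99",   # MD5 digest, dropped
    "erin@example.com:bad\x07pass",                        # control character, dropped
    "INSERT INTO users VALUES ('frank@example.com','pw');",  # SQL fragment, dropped
    "not-an-email:whatever",                               # no '@', dropped
]
print(summarise(SAMPLE_DUMP))  # {'rows': 9, 'unique_pairs': 4, 'unique_emails': 3, 'unique_passwords': 4}
```

Splitting only on the first delimiter is what keeps a password containing a space intact, and lower-casing only the email side is why the unique-pair count sits between the raw row count and the unique-email count.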
 

Athlai

Not Terrible
Yeah I have, it’s only annoying though; my email and bank have unique passwords but I used a generic one for a lot of websites and game things. Real pain in the ass to 2FA everything and change passwords. Hackers can die in a fire.
 

Daemon

Well-known member
Anyone have any insight into whether enforced periodic password changing (most firms do 3 months I think) is a good thing?
 

Athlai

Not Terrible
Work had a global password that changed every month that had to have three capital letters, then like 6+ lower case, but you couldn’t have it be nonsense letters. It had to be words, then two symbols, and 3 numbers.

Never saw so many people writing down passwords before; it lasted all of 2 months before that system just used the same password as our login.
 

Magrat Garlick

Global Moderator
I've had one password leaked, but I haven't used that one for years. The hackers keep trying to blackmail me with the first 8 letters of the password, suggesting that any following letters weren't included in the hash algorithm.
 

Dan

Global Moderator
So, should I be using a password manager? And if so, which one?

Thinking 1Password might be worth the investment atm.
 

Daemon

Well-known member
I use variations of a couple of the same passwords so it's easy to remember, and I WhatsApp myself the passwords in abbreviated form lol. If it's Da3mon@# then I'll write something like CW is D3@#.

Probably a bad idea but I'm lazy so eh
 

Top_Cat

Well-known member
So, should I be using a password manager? And if so, which one?

Thinking 1Password might be worth the investment atm.
They just moved to a cloud service after specifically promising their users they would not.

That's one thing that makes me a p/w manager sceptic, tbh. Aside from the central point of failure, I'm quite content to be convinced that, eventually, cloud security will be handled well and be better than what normal people do (reuse passwords, etc.). But this lack of knowing what you're really getting I don't like, that one day these guys will make some corporate decision, ostensibly to save costs, that is a very different thing to what I initially signed up for. And, of course, good luck getting your distributed data back from them, do they really mean deleted or just deactivated, etc.
 