Hacked.


snooky
KG Regular
Posts: 999
Joined: Sun Aug 31, 2008 5:03 pm
Location: Farnborough
Has thanked: 10 times
Been thanked: 34 times

I have been sent a "sexploitation" email by a hacker and as far as my son can tell it came from Brazil. The worrying part is that the password which I used on this site was quoted. This has since been changed. I have reported this email to the administrators for their information and to check whether or not the server has been compromised.
Regards snooky

---------------------------------
A balanced diet is a beer in both hands!
WARNING.!!... The above post may contain an opinion
peter
KG Regular
Posts: 5842
Joined: Fri Nov 25, 2005 1:54 pm
Location: Near Stansted airport
Has thanked: 18 times
Been thanked: 33 times

This stuff is part of my day job. The data has been harvested from breaches, like BA, LinkedIn, Facebook; there are lists for sale in whole or part on the internet of hundreds of millions of email and password combinations. My personal details are in five breaches of: 153 million, 593 million, 164 million, "hundreds of millions", 66 million. My work email is in two, one containing billions of email addresses but no passwords and the other 711 million. My employer's email domain has about 14,000 individual mail addresses floating around in various of these lists, mostly ex-employees, many repeats and many not people but subject matter ([email protected]) addresses; for comparison, we have about four thousand current email addresses and use them to communicate with Joe Public and companies.

People are sadly a bit predictable about passwords and some VERY common mistakes are:
    The commonest password used to be "Password".
    Many systems come with default passwords and purchasers do not bother changing them.
    People use the same password for everything, so if the Facebook password of Joe Bloggs is "Christmas" it's a fair bet that it is his password for email, Twitter, KGforum, etc.
    Many websites use your email as your login ID.
    Never changing passwords, if a site they've used has been compromised they are often blissfully unaware, if they are aware they may change their password for that one site but not others.

The advice about random stuff with symbols and numbers in was, sadly, like the five-a-day advice, a random idea based on some off-target "common sense". To a computer a random bunch of characters is no more difficult to try than ones that are words. That said, many automated crackers go by dictionary attacks, using massive lists of common passwords.

Modern advice is to check for disclosures, use a different password for each system, use pass phrases where the system can cope with them, change passwords regularly and to use a password safe.

Use:
    https://haveibeenpwned.com to check for your email ID & password being harvested.
    Different passwords on each site.
    Anti Malware on your computing devices.
    Common sense on emails: do not open any spam that makes it through your email provider's defences; delete it or use any automated reporting provided. Your mate hasn't been mugged in Bengal, the company you've never heard of isn't billing you for stuff....
    A password safe to hold those multiple passwords. I use KeePassDroid on my Android phone; it links with the fingerprint security I use to unlock the phone and I have the password, which is eighteen digits long, written down in one secure place at home. The database is on the phone (backed up at work) and holds twenty-four different personal and work passwords.

For further reading, look at the National Cyber Security Centre website https://www.ncsc.gov.uk and especially their advice aimed at citizens on https://www.cyberaware.gov.uk and their password advice at https://www.cyberaware.gov.uk/passwords
Do not put off thanking people when they have helped you, as they may not be there to thank later.

I support http://www.hearingdogs.org.uk/
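
Added example, not part of peter's post: a sketch of the "check for disclosures" and "different passwords on each site" advice, using the range-lookup scheme of the Pwned Passwords service run by haveibeenpwned.com, where only the first five hex characters of the password's SHA-1 are sent. The function fake_range_api, the corpus, its counts and the vault contents are constructed stand-ins so the code runs offline.

```python
import hashlib

# Constructed stand-in for a breach corpus: password -> times seen (made-up counts).
CONSTRUCTED_CORPUS = {"Password": 1200, "Christmas": 340}

def sha1_hex(text):
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()

def fake_range_api(prefix):
    """Offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.
    The reply lists hash suffixes and counts, one 'SUFFIX:COUNT' pair per line."""
    lines = []
    for password, count in CONSTRUCTED_CORPUS.items():
        digest = sha1_hex(password)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    # Other people's hashes share the prefix; padding rows carry a count of 0.
    lines.append(sha1_hex("decoy-" + prefix)[5:] + ":17")
    lines.append(sha1_hex("padding-" + prefix)[5:] + ":0")
    return "\r\n".join(lines)

def times_seen(password, fetch=fake_range_api):
    """Return how often the password appears; only the 5-char prefix is sent."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)  # a padding row yields 0, i.e. not breached
    return 0

def audit(vault):
    """vault maps site -> password; returns site -> list of issues found."""
    sites_by_password = {}
    for site, password in vault.items():
        sites_by_password.setdefault(password, []).append(site)
    findings = {}
    for password, sites in sites_by_password.items():
        issues = []
        if times_seen(password) > 0:
            issues.append("breached")
        if len(sites) > 1:
            issues.append("reused")
        for site in sites:
            findings[site] = issues
    return findings

# Constructed vault: Joe Bloggs reusing "Christmas", plus one unique passphrase.
SAMPLE_VAULT = {"facebook": "Christmas", "email": "Christmas",
                "kgforum": "purple-trowel-nine-marrow"}
```

Swapping fake_range_api for a function that performs the real HTTPS request keeps the rest unchanged; the full password and full hash never leave the machine.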
Pa Snip
KG Regular
Posts: 3091
Joined: Sat Dec 06, 2014 8:20 pm
Location: Near the big house on the hill Berkshire

Wow, that's a lot of useful info Peter. Thanks for taking the time and effort.

The danger when people start to believe their own publicity is that they often fall off their own ego.

At least travelling under the guise of the Pa Snip Enterprise gives me an excuse for appearing to be on another planet
Westi
KG Regular
Posts: 5910
Joined: Thu Oct 30, 2008 4:46 pm
Location: Christchurch, Dorset
Has thanked: 674 times
Been thanked: 238 times

Blimey Peter!

Didn't understand most of it, but worrying, so will look at your suggested sites to check. I have suddenly been receiving lots of e-mails in German. I thought some company may have sold my details so I just block them, but maybe not sold but trying to get in? Scary. I had my PayPal hacked 3 times so just deleted it in the end as very disappointed in their response to my notification.
Westi