Skip Navigation

Privacy @lemmy.ml

TheTwelveYearOld @lemmy.world

3w ago

I don't know what to do with this information

privacy @lemmy.ca

TheTwelveYearOld @lemmy.world

3w ago

I don't know what to do with this information

0 1

Privacy @lemmy.world

TheTwelveYearOld @lemmy.world

3w ago

I don't know what to do with this information

33 6

Privacy Guides @lemmy.one

TheTwelveYearOld @lemmy.world

3w ago

I don't know what to do with this information

0 4

54 comments

This breach is worse than just a website's database being leaked. These are info-stealer malware logs. Meaning that you had malware on one of your devices that recorded you typing your credentials into websites and then the logs of that malware were publicly leaked.
Before changing all of your passwords (and setting up a password manager if you don't already use one) you need to identify which of your devices was compromised and wipe it.
If you change all your passwords from the compromised device then the malware will just record all of your new passwords.
- How would one identify which device was compromised?
  
  Assume all of them are infected.
  
  Turn off your computer and make sure it powers down. Toss it in a 43-foot hole in the ground. Bury it completely rocks and boulders should be fine. Then burn any clothes you may have worn any time you were onliiiine
- Which password manager is good? I use Bitwarden but it would take forever to change all my passwords inside of it
  
  Bitwarden have a good balance of security, price and convenience. If you want more control and less convenience, KeePass.
  
  Bitwarden.
- Do you have a clue about what haveibeenpwned is?

For those wondering what this is Troy Hunter (HIBP founder) wrote an article on this new feature.
- That’s a great pseudonym, if it is one. Troy Hunter, i.e. hunter of trojans. Fantastic

Assuming this email is legit, the best thing that you can do is change as many of your passwords as possible to be unique and complex. You may also want to consider deleting old email addresses and getting new ones. Alternatively you can separate your emails addresses by having one for signing up for spammy services, one for personal stuff, one for work/school, etc. Try not to have much overlap between them all.
Edit: I also highly recommended using a temporary email for signing up for stuff whenever possible. I always use this one , but there are plenty of others too.
- I kinda like https://yopmail.com/ as it's much more customizable
  
  I like grr.la because I can sign in into the services with any random name @grr.la before opening the temporarily mail site, and sometimes I find out that it wasn't required to confirm the mail, saving some time
- I also highly recommended using a temporary email for signing up for stuff whenever possible.
  This is the worst security advice I have ever heard. Now someone doesn’t even need to get your password, just your email and they can just use the temporary email provider to reset your password?
  
  For services that are throwaway, this is fine. I don't care if someone gains access to my ice cream rewards account, they don't have anything else important. And I believe these services only last 10 minutes, meaning you can't password reset them because the inbox doesn't exist.

Password manager, and use different randomly generated passwords.
The real danger is having the same password everywhere.
Also pay attention to where you save your payment info.
Everything I do online is through Privacy.com, with limits for each vendor. My amazon gets hacked? Most I'm out is $100, steam gets hacked, there goes $60. A subscription tries to double charge, lol no. Free trial wants to auto-bill me after 7 days, its not happening. Funneling everything through them isn't 100%, but at least they're not paypal, I get notified when ever even a 1 cent charge happens and I'm not leaving my bank card on a dozen random sites I'll eventually loose track of.
- What if my chosen service doesn't allow me to change passwords that frequently?
  
  It's not that you change the passwords for each website often, it's that you use a different password for each site. That way if one site gets hacked and your password is leaked, it can't be used to access your accounts on other sites.
- Sadly I don't know of an alternative operating in Europe.
  
  Revolut? I think you can create cards the same way

There was a steam breach too, i changed my email and password for steam as well
- Can you provide your source (no pun intended)?
  
  https://www.troyhunt.com/experimenting-with-stealer-logs-in-have-i-been-pwned/

Stealer logs is pretty bad. Very bad to be fair. It means your computer is infected and have stolen all your saved passwords.
Reinstall your operating system completely. Take note of your accounts and change all their passwords. Start with your email address as its the most important one.
- No, it was steam that was breached. Haveibeenpwned notices you about major central data leaks. It is not an anti-malware

Start changing passwords mon ami
Get a password manager and just start going from site to site and change em up. Use strong ones and store them in the pass manager. Start with critical ones like banks, email accounts, and government stuff, and then keep going..
- Bitwarden is great, you can also optionally self-host it with vaultwarden.
  
  I personally also suggest KeePass2 for an offline vault storage that you can use with Syncthing to synchronize so the data never leaves your devices.
  It's worth mentioning that both these programs are subject to leaks in machines infected with malware like OP's was, so maybe if malware is a problem you deal with regularly, i suggest the online options.

This is really scary can you think of anything that infected your devices and stole your data? I heard about a massave data leak a weak ago :(
- That's not what happened
  
  i get confused easy

54 comments