2.2 Billion Pwned Accounts Found In A New Data Dump

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • AdultKing
    Raise Your Weapon
    • Jun 2003
    • 15601

    #1

    Tech 2.2 Billion Pwned Accounts Found In A New Data Dump

    These user database dumps are becoming all too. frequent.

    Check if you've been compromised on https://haveibeenpwned.com


    Hackers have been exploiting vulnerabilities, stealing data, selling information, and combining login credentials for decades now. Every now and then, a new major breach is reported, and year after year, the definition of a ‘big breach’ is getting changed to fit the new exploit.
    Now, however, the definition is going to be reconsidered again, after the new, massive data dump has been discovered.

    Several weeks ago, a website called Have I Benn Pwned? included a newly-found database that had around 773 million unique email addresses, as well as 21 million passwords. The data was found on an undisclosed hacking forum, and it was believed to be one of the largest data dumps in recent years. Researchers have named this Collection #1, and anyone wishing to check if their data was affected could have done so by going to Have I Been Pwned? site.

    Now, however, Collections #2-5 have been uncovered as well, and the total number of affected accounts has skyrocketed to 2.2 billion. The second cache was found by Germany’s Hasso-Plattner Institute (HPI), and its researchers have confirmed that this data and Collection #1 come from the same collection.
    https://koddos.net/blog/2-2-billion-...new-data-dump/
  • directfiesta
    Too lazy to set a custom title
    • Oct 2002
    • 30135

    #2
    Hummmm.....

    But Currently Sober loves the title
    I know that Asspimple is stoopid ... As he says, it is a FACT !

    But I can't figure out how he can breathe or type , at the same time ....

    Comment

    • CurrentlySober
      Too lazy to wipe my ass
      • Aug 2002
      • 38946

      #3
      Originally posted by directfiesta
      Hummmm.....

      But Currently Sober loves the title
      it made me cum twice... *blush*


      👁️ 👍️ 💩

      Comment

      • adultchatpay
        Let's Make Money
        • Dec 2008
        • 8785

        #4
        I entered a fake email and it says it's pwmed!

        Comment

        • AdultKing
          Raise Your Weapon
          • Jun 2003
          • 15601

          #5
          Originally posted by adultchatpay
          I entered a fake email and it says it's pwmed!
          Can't be fake then. Must belong to someone.

          Comment

          • ladida
            Confirmed User
            • Nov 2005
            • 2179

            #6
            Haha, naive people put their email here and get subject to spam It's just a mail collection service. They have no more knowledge of if your mail got hacked then you do.
            agentGFY *at* gmail.com

            Comment

            • AdultKing
              Raise Your Weapon
              • Jun 2003
              • 15601

              #7
              Originally posted by ladida
              Haha, naive people put their email here and get subject to spam It's just a mail collection service. They have no more knowledge of if your mail got hacked then you do.
              That's incorrect. Troy Hunt runs Have I Been Pwned? and as a well known security researcher and Microsoft fellow I am sure he's not harvesting email addresses.

              It's ill informed crap like you just wrote that makes the Internet a more dangerous place, because when security specialists develop tools to protect you all you can do is try to tear them down.

              https://en.wikipedia.org/wiki/Troy_Hunt

              https://en.wikipedia.org/wiki/Have_I_Been_Pwned%3F

              Comment

              • Bladewire
                StraightBro
                • Aug 2003
                • 56228

                #8
                Originally posted by AdultKing
                That's incorrect. Troy Hunt runs Have I Been Pwned? and as a well known security researcher and Microsoft fellow I am sure he's not harvesting email addresses.

                It's ill informed crap like you just wrote that makes the Internet a more dangerous place, because when security specialists develop tools to protect you all you can do is try to tear them down.

                https://en.wikipedia.org/wiki/Troy_Hunt

                https://en.wikipedia.org/wiki/Have_I_Been_Pwned%3F
                You know he keeps the emails. Come on


                Skype: CallTomNow

                Comment

                • AdultKing
                  Raise Your Weapon
                  • Jun 2003
                  • 15601

                  #9
                  Originally posted by Bladewire
                  You know he keeps the emails. Come on
                  I know he doesn't, emails are compared to the database and then forgotten.

                  It's externally audited and trusted by AusCERT.

                  I can't believe the number of dumb fucks in this thread who have no idea what they're talking about.

                  Edit: you can voluntarily sign up to be notified of breaches, but to suggest that he harvests emails entered into Have I Been Pwned is ridiculous when you consider the significant scrutiny the service receives.

                  Comment

                  • Bladewire
                    StraightBro
                    • Aug 2003
                    • 56228

                    #10
                    Originally posted by AdultKing
                    I know he doesn't, emails are compared to the database and then forgotten.

                    It's externally audited and trusted by AusCERT.

                    I can't believe the number of dumb fucks in this thread who have no idea what they're talking about.

                    Edit: you can voluntarily sign up to be notified of breaches, but to suggest that he harvests emails entered into Have I Been Pwned is ridiculous when you consider the significant scrutiny the service receives.
                    You read his TOS they store the emails of subscribers.

                    Nowhere in his TOS does he say no third parties can pay him to send out promotional emails on their behalf.

                    Also, he uses Sendgrid to send out emails

                    Sendgrid TOS states that third parties are allowed access to the data, it's under "service data" in their TOS.


                    Skype: CallTomNow

                    Comment

                    • Smack dat
                      So Fucking Banned
                      • Jul 2016
                      • 4613

                      #11
                      Troy Hunt uses a fake pseudonym.

                      Comment

                      • AdultKing
                        Raise Your Weapon
                        • Jun 2003
                        • 15601

                        #12
                        Originally posted by Bladewire
                        You read his TOS they store the emails of subscribers.

                        Nowhere in his TOS does he say no third parties can pay him to send out promotional emails.

                        Also, he uses Sendgrid to send out emails

                        Sendgrid TOS states that third parties are allowed access to the data, it's under "service data"
                        What part of respected security researcher do you not understand?

                        When it comes to technology most of you GFY folk are fucking peasants. No wonder mainstream eclipsed adult, it's because most people left in adult are luddites, clinging on to old versions of PHP and Wordpress, using insecure outdated scripts and probably re-using passwords on a multitude of websites.

                        You have no idea what K-Anonymity is, or how it's used to cross reference compromised passwords without passing on the password itself, you have no idea what AusCERT is, you probably don't even know how numerous services use the HIBP datasets to protect you on a daily basis.

                        I can't deal with this level of stupid that most people here exhibit daily.

                        Comment

                        • Bladewire
                          StraightBro
                          • Aug 2003
                          • 56228

                          #13
                          Originally posted by AdultKing
                          What part of respected security researcher do you not understand?

                          When it comes to technology most of you GFY folk are fucking peasants. No wonder mainstream eclipsed adult, it's because most people left in adult are luddites, clinging on to old versions of PHP and Wordpress, using insecure outdated scripts and probably re-using passwords on a multitude of websites.

                          You have no idea what K-Anonymity is, or how it's used to cross reference compromised passwords without passing on the password itself, you have no idea what AusCERT is, you probably don't even know how numerous services use the HIBP datasets to protect you on a daily basis.

                          I can't deal with this level of stupid that most people here exhibit daily.
                          Also notice in his TOS when you opt of of email notifications, he doesn't delete your email, he keeps it in his database... how convenient.

                          "HIBP provides an opt-out feature that removes the email address from public visibility. It does this by flagging the record as being opted-out rather than permanently deleting it..."

                          I'm not saying he's a bad guy or nefarious in any way. Just the facts.

                          Facebook famously said they don't give your data to third parties, they just let them access their database of your info.


                          Skype: CallTomNow

                          Comment

                          • AdultKing
                            Raise Your Weapon
                            • Jun 2003
                            • 15601

                            #14
                            Originally posted by Bladewire
                            Also notice in his TOS when you opt of of email notifications, he doesn't delete your email, he keeps it in his database... how convenient.

                            "HIBP provides an opt-out feature that removes the email address from public visibility. It does this by flagging the record as being opted-out rather than permanently deleting it..."

                            I'm not saying he's a bad guy or nefarious in any way. Just the facts.

                            Facebook famously said they don't give your data to third parties, they just let them access their database of your info.
                            Can't argue with stupid. I agree about Facebook, but Facebook was an anti privacy operation from day 1.

                            Comment

                            • Bladewire
                              StraightBro
                              • Aug 2003
                              • 56228

                              #15
                              Originally posted by AdultKing
                              Can't argue with stupid.
                              What's up with the name calling? Never mind I don't care forget it.


                              Skype: CallTomNow

                              Comment

                              • AdultKing
                                Raise Your Weapon
                                • Jun 2003
                                • 15601

                                #16
                                Originally posted by Bladewire
                                What's up with the name calling?
                                Because you're so quick jump to dumb conclusions.

                                The section of the TOS you referenced refers to dump data not sign up notification data.

                                You can opt your email out of the HIBP database and then it won't return Pwned on a search, but it remains in the database because it's a fundamental part of how the database works. Also email addresses change hands, eg: [email protected] which is why they're flagged and not removed from HIBP dump data.

                                Furthermore the dump data has already been made public on pastebins and other such services by hackers, deleting an email from the HIBP database doesn't magically make the email address disappear from the dumps out there on the web.

                                Comment

                                • Bladewire
                                  StraightBro
                                  • Aug 2003
                                  • 56228

                                  #17
                                  Originally posted by AdultKing
                                  Because you're so quick jump to dumb conclusions.
                                  I stopped there. I'm over it. Fuck off


                                  Skype: CallTomNow

                                  Comment

                                  • ladida
                                    Confirmed User
                                    • Nov 2005
                                    • 2179

                                    #18
                                    Originally posted by AdultKing
                                    That's incorrect.
                                    It's ill informed crap like you just wrote that makes the Internet a more dangerous place, because when security specialists develop tools to protect you all you can do is try to tear them down.
                                    It's actually quite correct. What is ill informed is you not understanding anything about everything. I work on security far more then you have even thought about and know far more about these things then you do, but that is even besides the point, nether i can prove it to you, nor do i care to prove it to you. The availability he would need to have to "check" if your email is hacked from all the databases that he claims to check against would make his site the prime target for every email theif on the planet. His database would also be humangous and preserve a constant security threat from those same companies the databases were stolen. Yea, im sure they gave their consent into something like this. Don't be as stupid as you sound.

                                    However, what i do know, and can prove, is that i put a bullshit made up email that came back as "breached". And no, no one else has tried that one since i would sooner win the lottery then for that to happen.
                                    What i did then was try an email i do own that i didnt register anywhere, and it also came back as "breached" and it even lists the databases it is on, and it lists sites that i didn't visit EVER. It listed just some random sites that the guy presumes my ip uses.

                                    So yea, it's a hoax to capture emails. But by all means, go and put all your mails in there.
                                    agentGFY *at* gmail.com

                                    Comment

                                    • AdultKing
                                      Raise Your Weapon
                                      • Jun 2003
                                      • 15601

                                      #19
                                      Originally posted by ladida
                                      It's actually quite correct. What is ill informed is you not understanding anything about everything. I work on security far more then you have even thought about and know far more about these things then you do, but that is even besides the point, nether i can prove it to you, nor do i care to prove it to you.
                                      Bullshit, you're just another GFY peasant.

                                      Comment

                                      • freecartoonporn
                                        Confirmed User
                                        • Jan 2012
                                        • 7683

                                        #20
                                        i am with AK on this one, i have used that site before and its trustworthy.

                                        why not test it, make new email account and use it on haveibeenpwned and nowhere else., and wait and watch if you get spam mails.

                                        and besides, why he needs to collect email addresses ? hes already got like billion+ valid email addresses.
                                        just saying.
                                        SSD Cloud Server, VPS Server, Simple Cloud Hosting | DigitalOcean

                                        Comment

                                        • AdultKing
                                          Raise Your Weapon
                                          • Jun 2003
                                          • 15601

                                          #21
                                          Originally posted by freecartoonporn
                                          and besides, why he needs to collect email addresses ? hes already got like billion+ valid email addresses.
                                          Thank you.

                                          He also has millions of invalid email addresses in the database.

                                          Hackers who sold these dumps on the black market used to pad them out with made up addresses in the same way spam list sellers used to do 20 years ago.

                                          If you make up an email address and it comes up as Pwned that's simply because the email address has been used in the way described above.

                                          Troy Hunt is an acclaimed security researcher and has world wide respect in the Internet Security sphere. He's advised Governments, companies and even commissions of inquiry.

                                          He makes big money from his well regarded courses, his directorships and his work for various organisations. It's laughable to suggest that he would risk all that by building his own spam database.

                                          Anyone in this thread who has suggested he has nefarious intent obviously doesn't follow anyone of note with regard to security research.

                                          For those interested in becoming more informed, here are some security related Twitter accounts to follow:



                                          https://twitter.com/blackroomsec
                                          https://twitter.com/th3j35t3r
                                          https://twitter.com/ericgeller
                                          https://twitter.com/runasand
                                          https://twitter.com/savagejen
                                          https://twitter.com/evacide
                                          https://twitter.com/shehackspurple
                                          https://twitter.com/L_AGalloway
                                          https://twitter.com/swagitda_
                                          https://twitter.com/HydeNS33k
                                          https://twitter.com/MalwareTechBlog
                                          https://twitter.com/briankrebs
                                          https://twitter.com/aprilwright
                                          https://twitter.com/theroxyd
                                          https://twitter.com/Fox0x01
                                          https://twitter.com/SwiftOnSecurity
                                          https://twitter.com/IanColdwater
                                          https://twitter.com/vixentael
                                          https://twitter.com/rmitera
                                          https://twitter.com/KseniaDmitrieva
                                          https://twitter.com/Alyssa_Herrera_
                                          https://twitter.com/gynvael

                                          Comment

                                          • Konda
                                            ...
                                            • Apr 2003
                                            • 2280

                                            #22
                                            Originally posted by freecartoonporn
                                            i am with AK on this one, i have used that site before and its trustworthy.

                                            why not test it, make new email account and use it on haveibeenpwned and nowhere else., and wait and watch if you get spam mails.

                                            and besides, why he needs to collect email addresses ? hes already got like billion+ valid email addresses.
                                            just saying.



                                            It's totally retarded what ladida says

                                            Comment

                                            • Bladewire
                                              StraightBro
                                              • Aug 2003
                                              • 56228

                                              #23
                                              Originally posted by AdultKing
                                              Thank you.

                                              He also has millions of invalid email addresses in the database.

                                              Hackers who sold these dumps on the black market used to pad them out with made up addresses in the same way spam list sellers used to do 20 years ago.

                                              If you make up an email address and it comes up as Pwned that's simply because the email address has been used in the way described above.

                                              Troy Hunt is an acclaimed security researcher and has world wide respect in the Internet Security sphere. He's advised Governments, companies and even commissions of inquiry.

                                              He makes big money from his well regarded courses, his directorships and his work for various organisations. It's laughable to suggest that he would risk all that by building his own spam database.

                                              Anyone in this thread who has suggested he has nefarious intent obviously doesn't follow anyone of note with regard to security research.

                                              For those interested in becoming more informed, here are some security related Twitter accounts to follow:



                                              https://twitter.com/blackroomsec
                                              https://twitter.com/th3j35t3r
                                              https://twitter.com/ericgeller
                                              https://twitter.com/runasand
                                              https://twitter.com/savagejen
                                              https://twitter.com/evacide
                                              https://twitter.com/shehackspurple
                                              https://twitter.com/L_AGalloway
                                              https://twitter.com/swagitda_
                                              https://twitter.com/HydeNS33k
                                              https://twitter.com/MalwareTechBlog
                                              https://twitter.com/briankrebs
                                              https://twitter.com/aprilwright
                                              https://twitter.com/theroxyd
                                              https://twitter.com/Fox0x01
                                              https://twitter.com/SwiftOnSecurity
                                              https://twitter.com/IanColdwater
                                              https://twitter.com/vixentael
                                              https://twitter.com/rmitera
                                              https://twitter.com/KseniaDmitrieva
                                              https://twitter.com/Alyssa_Herrera_
                                              https://twitter.com/gynvael
                                              They said the same about Mark Zuckerberg.

                                              He's an "Australian" so you are blindly letting his cum pump down your throat.

                                              You are truly a fucking idiot.

                                              His TOS specifically states that the emails in the database he owns ARE NOT DELETED

                                              People don't delete emails for a reason you stupid cunt!


                                              Skype: CallTomNow

                                              Comment

                                              • AdultKing
                                                Raise Your Weapon
                                                • Jun 2003
                                                • 15601

                                                #24
                                                Originally posted by Bladewire
                                                His TOS specifically states that the emails in the database he owns ARE NOT DELETED
                                                You can opt your email out of the HIBP database and then it won't return Pwned on a search, but it remains in the database because it's a fundamental part of how the database works. Also email addresses change hands, eg: [email protected] which is why they're flagged and not removed from HIBP dump data.

                                                Furthermore the dump data has already been made public on pastebins and other such services by hackers, deleting an email from the HIBP database doesn't magically make the email address disappear from the dumps out there on the web.

                                                As far as 'stupid cunts' go, you are obviously intelligent Bladewire and I often agree with you, but you're a bit like that firecracker that you light that just fizzes out. So much potential lost, a fizzer.

                                                Comment

                                                • gorillaz_
                                                  Confirmed User
                                                  • Sep 2014
                                                  • 361

                                                  #25
                                                  Originally posted by ladida
                                                  It's actually quite correct. What is ill informed is you not understanding anything about everything. I work on security far more then you have even thought about and know far more about these things then you do, but that is even besides the point, nether i can prove it to you, nor do i care to prove it to you. The availability he would need to have to "check" if your email is hacked from all the databases that he claims to check against would make his site the prime target for every email theif on the planet. His database would also be humangous and preserve a constant security threat from those same companies the databases were stolen. Yea, im sure they gave their consent into something like this. Don't be as stupid as you sound.

                                                  However, what i do know, and can prove, is that i put a bullshit made up email that came back as "breached". And no, no one else has tried that one since i would sooner win the lottery then for that to happen.
                                                  What i did then was try an email i do own that i didnt register anywhere, and it also came back as "breached" and it even lists the databases it is on, and it lists sites that i didn't visit EVER. It listed just some random sites that the guy presumes my ip uses.

                                                  So yea, it's a hoax to capture emails. But by all means, go and put all your mails in there.
                                                  good point , i have checked my e-mails on ihbp , half of them are pwned . i believe they test e-mail addresses with e-mail lookup service in background if they were previously registered with websites that known for breaches , they tell you pwned haha . probably e-mail is just registered but not all accounts were effected in those hacks ,almost all disclosed hacked websites from 2015 sent notifications to reset passwords and i did change them ,what next rainbow tables ?

                                                  Comment

                                                  • AdultKing
                                                    Raise Your Weapon
                                                    • Jun 2003
                                                    • 15601

                                                    #26
                                                    Originally posted by gorillaz_
                                                    good point , i have checked my e-mails on ihbp , half of them are pwned . i believe they test e-mail addresses with e-mail lookup service in background if they were previously registered with websites that known for breaches , they tell you pwned haha . probably e-mail is just registered but not all accounts were effected in those hacks ,almost all disclosed hacked websites from 2015 sent notifications to reset passwords and i did change them ,what next rainbow tables ?
                                                    Ah look another peasant.

                                                    Comment

                                                    • ladida
                                                      Confirmed User
                                                      • Nov 2005
                                                      • 2179

                                                      #27
                                                      Originally posted by AdultKing
                                                      Bullshit, you're just another GFY peasant.
                                                      Great arguments. Very valid. Keep dumping emails on the site.
                                                      Originally posted by freecartoonporn
                                                      i am with AK on this one, i have used that site before and its trustworthy.
                                                      You have no idea if it's trustworthy or not, because it doesn't tell you anything other then breached/not breached.
                                                      Originally posted by freecartoonporn
                                                      why not test it, make new email account and use it on haveibeenpwned and nowhere else., and wait and watch if you get spam mails.
                                                      I did, did you? I just wrote how i tested it. It most likely just checks your ip and from where you're coming from and lists "database" from there, as if you're coming from china it won't list your email as appearing on an US dating service and similar.
                                                      Originally posted by freecartoonporn
                                                      and besides, why he needs to collect email addresses ? hes already got like billion+ valid email addresses.
                                                      just saying.
                                                      No he doesnt have that, thats the thing. You just presume he has because he said so. Rofl. If indeed he did have those emails anywhere near that site, it would be hacked in no time.
                                                      agentGFY *at* gmail.com

                                                      Comment

                                                      • AdultKing
                                                        Raise Your Weapon
                                                        • Jun 2003
                                                        • 15601

                                                        #28
                                                        Originally posted by ladida
                                                        Great arguments. Very valid. Keep dumping emails on the site.
                                                        Simple peasant.

                                                        You have no idea if it's trustworthy or not, because it doesn't tell you anything other then breached/not breached.
                                                        Incorrect, it lists the breaches and dumps that the email was found in. Fuck, at least get your facts straight before spewing your nonsensical crap.

                                                        I did, did you? I just wrote how i tested it. It most likely just checks your ip and from where you're coming from and lists "database" from there, as if you're coming from china it won't list your email as appearing on an US dating service and similar.
                                                        It checks the email address against dozens and dozens of dumps and breaches and lists which ones the email address was found in.

                                                        No he doesnt have that, thats the thing. You just presume he has because he said so. Rofl. If indeed he did have those emails anywhere near that site, it would be hacked in no time.
                                                        There's no presumption, the site is backed by the best security researchers in the world, did you read that the very best of the best security researchers in the world.

                                                        Fucking simple peasants on GFY. I can't believe I didn't pick up on how technologically inept most of you are here a long time ago.

                                                        Comment

                                                        • Konda
                                                          ...
                                                          • Apr 2003
                                                          • 2280

                                                          #29
                                                          Originally posted by ladida
                                                          because it doesn't tell you anything other then breached/not breached.
                                                          It tells you exactly which breach(es) the email address appears in with a background story of each breach and what details were compromised in that breach.

                                                          For all my email addresses all the breaches listed are services that I actually used that email address for. It is 100% accurate, not something random as it also includes smaller breaches for lesser known services that I used.

                                                          Basically all this tool does is match the email address you enter against all the breached databases and tells you if it appears in one or more of them and tells you which one(s).

                                                          Then they have an additional service where you can sign up for automatic warnings for new breaches, where when there is a new breach it matches the subscribers to the email addresses in that breach and emails you if it found your email address in it.

                                                          They also allow you to opt-out for breaches appearing when searching for your email address. So when someone searches for your email address it will return it was not pwned. This does not remove your email address from the databases, it just sets a flag that when that email address should return no results.

                                                          That's all there is to it. It's a very basic lookup tool and notification service that is made to help people be more secure. People thinking otherwise really have no idea what they are talking about. Do you think if there was any doubt about this all the big security research sites and major news publications would constantly link to the site.

                                                          Comment

                                                          • Bladewire
                                                            StraightBro
                                                            • Aug 2003
                                                            • 56228

                                                            #30
                                                            Troy Hunt is Australian so you can't have a logical fact based discussion with AdultQueen about Troy Hunt storing, and not deleting, email addresses submitted to their notification service and processed through third party email service provider SendGrid.

                                                            AdultQueen licks Troy Hunt's asshole clean because he's a fellow Australian, he literally has a God complex for him.

                                                            The facts are, per the haveibeenpwned.com TOS and SendGrid's TOS emails submitted to the haveibeenpwned.com notification service are never deleted, even when you cancel the service, and data submitted is accessible to third parties via SendGrid, as stated in SendGrids TOS.

                                                            No big deal for anyone, very standard.


                                                            Skype: CallTomNow

                                                            Comment

                                                            • Major (Tom)
                                                              So Fucking Banned
                                                              • Nov 2003
                                                              • 32492

                                                              #31
                                                              Originally posted by AdultKing
                                                              These user database dumps are becoming all too. frequent.

                                                              Check if you've been compromised on https://haveibeenpwned.com




                                                              https://koddos.net/blog/2-2-billion-...new-data-dump/

                                                              Does this mean that the email is currently conpromised? Was at one time compromised? Or does ot mean a service that you have used with that email address was compromised. Can you do your best to elaborate please

                                                              Comment

                                                              • AdultKing
                                                                Raise Your Weapon
                                                                • Jun 2003
                                                                • 15601

                                                                #32
                                                                Originally posted by Bladewire
                                                                AdultQueen licks Troy Hunt's asshole clean because he's a fellow Australian, he literally has a God complex for him.
                                                                If you followed closely, but you don't, you'll know that in the real world I have actually disapproved of Troy Hunt and his relationship with Microsoft and I have also had a run in with Pluralsight over other issues.

                                                                You would also know, if you followed closely, about the work done on K-Anonimity, which is used to protect passwords used on 1Password and other services.

                                                                And if you followed really closely on security and privacy matters then you would clearly know of an issue I found and disclosed two years ago relating to a failing in the de-identification of Australian Census data.

                                                                Comment

                                                                • AdultKing
                                                                  Raise Your Weapon
                                                                  • Jun 2003
                                                                  • 15601

                                                                  #33
                                                                  Originally posted by DukeSkywalker
                                                                  Does this mean that the email is currently conpromised? Was at one time compromised? Or does ot mean a service that you have used with that email address was compromised. Can you do your best to elaborate please
                                                                  Yes sure.

                                                                  What it means is that the email address together with passwords and other identifying data has been disclosed in a breach. Some of these breaches are self disclosed by affected companies but usually they are disclosed by hacker database dumps being found by security researchers.

                                                                  If your email appears in a breach then the breach will be listed. If you have not changed your password since the date of that breach then you should change it because until you change your password you are still at risk. Simply put, until you change your password on a service that has been breached then you are still compromised.

                                                                  Does that help, happy to expand more if needed.

                                                                  Comment

                                                                  • Bladewire
                                                                    StraightBro
                                                                    • Aug 2003
                                                                    • 56228

                                                                    #34
                                                                    Originally posted by AdultKing
                                                                    If you followed closely, but you don't, you'll know that in the real world I have actually disapproved of Troy Hunt and his relationship with Microsoft and I have also had a run in with Pluralsight over other issues.
                                                                    Yes that's why when I quoted the TOS you blew up and started throwing insults like a little bitch and saying what a God Troy Hunt was

                                                                    If you want to continue being unsuccessful don't let verified facts get in the way of your fragile ego.


                                                                    Skype: CallTomNow

                                                                    Comment

                                                                    • AdultKing
                                                                      Raise Your Weapon
                                                                      • Jun 2003
                                                                      • 15601

                                                                      #35
                                                                      Originally posted by Bladewire
                                                                      Yes that's why when I quoted the TOS you blew up and started throwing insults like a little bitch and saying what a God Troy Hunt was

                                                                      If you want to continue being unsuccessful don't let verified facts get in the way of your fragile ego.
                                                                      I blew up because for an intelligent person you came out with the most completely stupid statements. As I said, you're like that great big firecracker that you just can't wait to light and let off, except in your case the fuse just fizzes out and you're left looking at what could have been a spectacular firecracker that will now never go off. You're a fizzer.

                                                                      (Apologies for paraphrasing Paul Keating)

                                                                      Comment

                                                                      • Paul Markham
                                                                        Too old to care
                                                                        • Jun 2001
                                                                        • 52942

                                                                        #36
                                                                        Not sure it it's fail safe, our bank sends us a code to our phones when we spend online. So have nothing online worth stealing.



                                                                        Blowout deal. 880 videos, 2,400 image sets, plus many RAW videos. $500.
                                                                        PM me for a deal. Skype Paulmarkham70

                                                                        Comment

                                                                        • AdultKing
                                                                          Raise Your Weapon
                                                                          • Jun 2003
                                                                          • 15601

                                                                          #37
                                                                          Originally posted by Paul Markham
                                                                          Not sure it it's fail safe, our bank sends us a code to our phones when we spend online. So have nothing online worth stealing.
                                                                          Your identity is worth stealing. Identities are far greater value than a credit card number.

                                                                          Comment

                                                                          • ladida
                                                                            Confirmed User
                                                                            • Nov 2005
                                                                            • 2179

                                                                            #38
                                                                            Originally posted by AdultKing
                                                                            Incorrect, it lists the breaches and dumps that the email was found in. Fuck, at least get your facts straight before spewing your nonsensical crap..
                                                                            It doesn't. It just namedrops with no relevance. To actually be certain it was breached it would have to list you what it found in the supposed breach. This way you could verify it. Ofcourse it doesnt display anything close to that, and relies on faith of his suckers to think it actually does what it does (ie - you), or possibly payed shills. It's why you're foaming on your mouth because you cant prove anything. Meanwhile, there's no explanation coming why
                                                                            a) random fake emails turn out as "breached"
                                                                            b) email used nowhere turns out as "breached" and on sites i never visited in my life.

                                                                            Keep foaming tho.
                                                                            Originally posted by AdultKing
                                                                            It checks the email address against dozens and dozens of dumps and breaches and lists which ones the email address was found in.
                                                                            No it doesnt.
                                                                            a) The check would take WAY WAY longer then it's displayed on the site
                                                                            b) He doesn't have database with that many emails 100%
                                                                            c) He probably never even saw 50% of the supposed breached databases as if a company discloses it had a breach, it certainly will not send a list of all the users/emails that got breached to some charlatan running a website who's cock you like to put in your mouth way too many times to be considered healthy.
                                                                            Originally posted by AdultKing
                                                                            There's no presumption, the site is backed by the best security researchers in the world, did you read that the very best of the best security researchers in the world.
                                                                            Only it's not. It has you with his cock in your mouth, thats it.
                                                                            Originally posted by AdultKing
                                                                            Fucking simple peasants on GFY. I can't believe I didn't pick up on how technologically inept most of you are here a long time ago.
                                                                            Don't drown in that foam pls.
                                                                            Originally posted by Konda
                                                                            It tells you exactly which breach(es) the email address appears in with a background story of each breach and what details were compromised in that breach.
                                                                            No it doesnt. It namedrops the supposed breach it had happened on, but you have 0 verification on that other then some random website telling you it did. You might as well believe in fairies and leprechauns and try to find one so it brings you luck in life. It's on par.
                                                                            Do you have a plausible explanation as to why fake and non used emails appear "breached" and in sites that i didn't visit 1 time in my life, not even by accident? Just because i came and tested the site with IP that's not my own so it presumed i come from a certain country?
                                                                            Originally posted by Konda
                                                                            For all my email addresses all the breaches listed are services that I actually used that email address for. It is 100% accurate, not something random as it also includes smaller breaches for lesser known services that I used.
                                                                            Yea im sure it does. There's this guy on tv that also guesses which card you imagined out of 10 random cards he shows you. Im pretty sure there's at least 100 people out of a million watching the show that he got it right. And there we have it, he has a 100 people saying he can read mind.
                                                                            In reality he can't.
                                                                            Originally posted by Konda
                                                                            Basically all this tool does is match the email address you enter against all the breached databases and tells you if it appears in one or more of them and tells you which one(s).
                                                                            Basically, for this to happen he would have to have ALL of those emails in the breaches as well in his database. In reality, this is 100% not true as per reasons outlined above. Feel free to answer those questions.
                                                                            Originally posted by Konda
                                                                            Then they have an additional service where you can sign up for automatic warnings for new breaches, where when there is a new breach it matches the subscribers to the email addresses in that breach and emails you if it found your email address in it.
                                                                            Yea, opt in for spam, i know.
                                                                            Originally posted by Konda
                                                                            They also allow you to opt-out for breaches appearing when searching for your email address. So when someone searches for your email address it will return it was not pwned. This does not remove your email address from the databases, it just sets a flag that when that email address should return no results.
                                                                            I also get regular spam in email that has an "opt out" link as well. Just a feature to satisfy legislature so he can harvest emails better.
                                                                            Originally posted by Konda
                                                                            That's all there is to it. It's a very basic lookup tool and notification service that is made to help people be more secure. People thinking otherwise really have no idea what they are talking about. Do you think if there was any doubt about this all the big security research sites and major news publications would constantly link to the site.
                                                                            It's just a spam harvesting machine to harvest more emails. There's really not much to it. Feel free to list all your emails there and deluding yourself it's not what it is and some magical being is hoovering over your safety.
                                                                            agentGFY *at* gmail.com

                                                                            Comment

                                                                            • AdultKing
                                                                              Raise Your Weapon
                                                                              • Jun 2003
                                                                              • 15601

                                                                              #39
                                                                              Originally posted by ladida
                                                                              It doesn't. .......

                                                                              It's just a spam harvesting machine to harvest more emails. There's really not much to it. Feel free to list all your emails there and deluding yourself it's not what it is and some magical being is hoovering over your safety.
                                                                              You're so clueless I don't even know where to begin. Every concern you raised I addressed in this thread, maybe read what I have written and educate yourself.

                                                                              Then read these articles:

                                                                              https://www.forbes.com/sites/daveywi.../#40f43f26509f

                                                                              https://9to5mac.com/2019/01/31/2-2-b...s-compromised/

                                                                              https://www.computerworld.com.au/art...password-dump/

                                                                              https://threatpost.com/773m-credenti...rk-web/140972/

                                                                              The only reason I can see why people would dismiss services such as Have I Been Pwned is if they had something to gain from people not being conscious of their security. People such as Brian Krebs and Troy Hunt have long been hated by cyber criminals because they shine a light on cybercrime.

                                                                              I guess you're either one of two things, a cybercriminal who hates these people that expose cybercrime to the general public or you are simply a stupid, technophobic, wannabe, simple GFY peasant. Which one you are I don't care, however I will continue to call out the fuckwits on this forum for the stupid luddites they are. Dude, you're up there as one of the dumbest peasants on this forum.

                                                                              Comment

                                                                              • pimpmaster9000
                                                                                Too lazy to set a custom title
                                                                                • Dec 2011
                                                                                • 26732

                                                                                #40
                                                                                I tried 5 different made up email addresses and they all came back negative...the problem with putting in a fake email is that email accounts are sold by the 1000-s...they are generated by bots in the millions and along with the billions of people who use gmail,yahoo etc it is really hard to make a fake email address that nobody has used before...this might explain why ladida got sand in his vagina....

                                                                                I put in like 2408rfdjw0s2 at gmail and all such queries produced shit...then I used my gaming gmail and it was actually compromised...my gaming gmail address is random numbers and letters also...
                                                                                Report a suspicious cracker: Click Here

                                                                                Comment

                                                                                • Smack dat
                                                                                  So Fucking Banned
                                                                                  • Jul 2016
                                                                                  • 4613

                                                                                  #41
                                                                                  It's funny that his own email address was pwned. Some security expert lol.

                                                                                  Comment

                                                                                  • D Ghost
                                                                                    null
                                                                                    • May 2006
                                                                                    • 9820

                                                                                    #42
                                                                                    Almost certainly many people's email addresses will be in some dump/paste somewhere. And that's ok if you frequently update your password every couple months But... the cool part is you can run through passwords you've used and see if any of your actual password have bene pwnd https://haveibeenpwned.com/Passwords

                                                                                    Comment

                                                                                    • ladida
                                                                                      Confirmed User
                                                                                      • Nov 2005
                                                                                      • 2179

                                                                                      #43
                                                                                      Originally posted by AdultKing
                                                                                      You're so clueless I don't even know where to begin. Every concern you raised I addressed in this thread
                                                                                      Not really. You have however addressed a lot of logical fallacies and name callings.
                                                                                      Originally posted by AdultKing
                                                                                      The only reason I can see why people would dismiss services such as Have I Been Pwned is if they had something to gain from people not being conscious of their security. People such as Brian Krebs and Troy Hunt have long been hated by cyber criminals because they shine a light on cybercrime.
                                                                                      The logical fallacies continue.
                                                                                      Brian Krebs is actually someone that does good things and not harvest emails for spam. Please dont drag the guy's name through dirt by lumping him in with your spam cock assistant.
                                                                                      Originally posted by Smack dat
                                                                                      It's funny that his own email address was pwned. Some security expert lol.
                                                                                      Yea, not only that, my made up email also got pwned. This guy's a marvel at it's best, hacking my brain. I bow to thee.
                                                                                      agentGFY *at* gmail.com

                                                                                      Comment

                                                                                      • AdultKing
                                                                                        Raise Your Weapon
                                                                                        • Jun 2003
                                                                                        • 15601

                                                                                        #44
                                                                                        Originally posted by ladida
                                                                                        Brian Krebs is actually someone that does good things and not harvest emails for spam. Please dont drag the guy's name through dirt by lumping him in with your spam cock assistant. .
                                                                                        Brian Krebbs supports and recommends Troy Hunt's Have I Been Pnwed.

                                                                                        In facts, Brian Krebbs is probably the most respected Security journalist on the planet and has included Have I Been Pwned in his articles numerous times.

                                                                                        https://krebsonsecurity.com/tag/haveibeenpwned-com/

                                                                                        Would Brian Krebbs recommend the service if it wasn't the real deal?

                                                                                        As I said mate, you're the little village peasant.

                                                                                        You wrote

                                                                                        Originally posted by ladida
                                                                                        I work on security far more then you have even thought about and know far more about these things then you do
                                                                                        Which is your way of saying that you're going to pretend you have some authority on a subject you know little about.

                                                                                        Go away, little village peasant.

                                                                                        Comment

                                                                                        • AdultKing
                                                                                          Raise Your Weapon
                                                                                          • Jun 2003
                                                                                          • 15601

                                                                                          #45
                                                                                          Originally posted by Smack dat
                                                                                          It's funny that his own email address was pwned. Some security expert lol.
                                                                                          Anyone that uses LinkedIn and numerous other services over the years has been Pwned at some point.

                                                                                          Comment

                                                                                          • ladida
                                                                                            Confirmed User
                                                                                            • Nov 2005
                                                                                            • 2179

                                                                                            #46
                                                                                            Originally posted by AdultKing
                                                                                            Brian Krebbs supports and recommends Troy Hunt's Have I Been Pnwed.
                                                                                            Nowhere in that 1st article he endorses the website. He just mentions it. He even goes out and says
                                                                                            Code:
                                                                                            KrebsOnSecurity sought perspective on this discovery from Alex Holden, CTO of Hold Security
                                                                                            If he endorsed the site or thought highly of it, he'd ask the owner himself, but he didn't, because it's just a useless spam machine. I like how you don't even understand all the logical fallacies you're spewing throughout your posts.
                                                                                            Originally posted by AdultKing
                                                                                            As I said mate, you're the little village peasant.
                                                                                            Less foam will possibly make you think more clearly. The questions in this thread are yet to be answered in a logical and factual way.
                                                                                            agentGFY *at* gmail.com

                                                                                            Comment

                                                                                            • AdultKing
                                                                                              Raise Your Weapon
                                                                                              • Jun 2003
                                                                                              • 15601

                                                                                              #47
                                                                                              Originally posted by ladida
                                                                                              Nowhere in that 1st article he endorses the website. He just mentions it. He even goes out and says
                                                                                              Code:
                                                                                              KrebsOnSecurity sought perspective on this discovery from Alex Holden, CTO of Hold Security
                                                                                              ....
                                                                                              You didn't read enough, I posted a link to every article tagged HaveIBeenPwnd by Brian Krebbs.

                                                                                              In an article about an ILLEGITIMATE hack checking database, Brian Krebbs wrote:

                                                                                              Sometime this weekend, Leakbase began redirecting visitors to haveibeenpwned.com, a legitimate breach alerting service run by security researcher Troy Hunt (Hunt’s site lets visitors check if their email address has shown up in any public database leaks, but it does not store corresponding account passwords).
                                                                                              https://krebsonsecurity.com/2017/12/...ase-goes-dark/

                                                                                              You said this:

                                                                                              Originally posted by ladida
                                                                                              Brian Krebs is actually someone that does good things and not harvest emails for spam. Please dont drag the guy's name through dirt by lumping him in with your spam cock assistant.
                                                                                              If you think highly of Brian Krebbs then please explain why Brian Krebbs links to HaveIBeenPwned in articles?

                                                                                              Maybe you can also explain why Brian Krebbs appeared with Troy Hunt at a security conference early last year?

                                                                                              Mate, you've just Pwned yourself. Clueless useless peasant.

                                                                                              Comment

                                                                                              • Konda
                                                                                                ...
                                                                                                • Apr 2003
                                                                                                • 2280

                                                                                                #48
                                                                                                Originally posted by ladida
                                                                                                It doesn't. It just namedrops with no relevance. To actually be certain it was breached it would have to list you what it found in the supposed breach. This way you could verify it. Ofcourse it doesnt display anything close to that, and relies on faith of his suckers to think it actually does what it does (ie - you), or possibly payed shills. It's why you're foaming on your mouth because you cant prove anything. Meanwhile, there's no explanation coming why
                                                                                                a) random fake emails turn out as "breached"
                                                                                                b) email used nowhere turns out as "breached" and on sites i never visited in my life.

                                                                                                Keep foaming tho.

                                                                                                No it doesnt.
                                                                                                a) The check would take WAY WAY longer then it's displayed on the site
                                                                                                b) He doesn't have database with that many emails 100%
                                                                                                c) He probably never even saw 50% of the supposed breached databases as if a company discloses it had a breach, it certainly will not send a list of all the users/emails that got breached to some charlatan running a website who's cock you like to put in your mouth way too many times to be considered healthy.

                                                                                                Only it's not. It has you with his cock in your mouth, thats it.

                                                                                                Don't drown in that foam pls.

                                                                                                No it doesnt. It namedrops the supposed breach it had happened on, but you have 0 verification on that other then some random website telling you it did. You might as well believe in fairies and leprechauns and try to find one so it brings you luck in life. It's on par.
                                                                                                Do you have a plausible explanation as to why fake and non used emails appear "breached" and in sites that i didn't visit 1 time in my life, not even by accident? Just because i came and tested the site with IP that's not my own so it presumed i come from a certain country?

                                                                                                Yea im sure it does. There's this guy on tv that also guesses which card you imagined out of 10 random cards he shows you. Im pretty sure there's at least 100 people out of a million watching the show that he got it right. And there we have it, he has a 100 people saying he can read mind.
                                                                                                In reality he can't.

                                                                                                Basically, for this to happen he would have to have ALL of those emails in the breaches as well in his database. In reality, this is 100% not true as per reasons outlined above. Feel free to answer those questions.

                                                                                                Yea, opt in for spam, i know.

                                                                                                I also get regular spam in email that has an "opt out" link as well. Just a feature to satisfy legislature so he can harvest emails better.

                                                                                                It's just a spam harvesting machine to harvest more emails. There's really not much to it. Feel free to list all your emails there and deluding yourself it's not what it is and some magical being is hoovering over your safety.

                                                                                                Don't even know how to react to all of this. You are either trolling or very very stupid.

                                                                                                Comment

                                                                                                • AdultKing
                                                                                                  Raise Your Weapon
                                                                                                  • Jun 2003
                                                                                                  • 15601

                                                                                                  #49
                                                                                                  Originally posted by Konda
                                                                                                  Don't even know how to react to all of this. You are either trolling or very very stupid.
                                                                                                  He's a stupid peasant. A simple peasant who has no understanding of what he is either saying or the information presented to him. I don't believe he's trolling.

                                                                                                  Comment

                                                                                                  • rowan
                                                                                                    Too lazy to set a custom title
                                                                                                    • Mar 2002
                                                                                                    • 17393

                                                                                                    #50
                                                                                                    Originally posted by Paul Markham
                                                                                                    Not sure it it's fail safe, our bank sends us a code to our phones when we spend online. So have nothing online worth stealing.
                                                                                                    Criminals don't care about individual people. The point of these dumps is that they're so massive that there are bound to be plenty of people who can be scammed. If your login details don't work, they (or rather their automated systems) will just move onto the next entry in the owned database.

                                                                                                    Originally posted by Smack dat
                                                                                                    It's funny that his own email address was pwned. Some security expert lol.
                                                                                                    That means a third party service which he uses was pwned, not that he was personally hacked. I receive numerous scam emails addressed to unique emails used for my mtgox, btce, bitcointalk etc accounts... because all those sites have been pwned.

                                                                                                    Comment

                                                                                                    Working...