Copy/pasted from a Facebook post I just made:
Hmm, this is an interesting site... (Found via a news post from Dreamwidth talking about a potential data breach on their end.)
https://haveibeenpwned.com/
You plug in your email address and it tells you if that email has been involved with sites that have been breached at some point. My main gmail email address appears to be clean, but when I plugged in my old, defunct Comcast account, it had been "pwned" on 10 different breached sites, apparently.
Here is the full message copy/pasted from Dreamwidth, by the way:
-----
Hello all!
A number of people have received spam extortion emails in the past week or so containing passwords they've used on social network sites and demanding Bitcoin ransom. Some people have reported the emails included passwords they've used on Dreamwidth in the past, so we've taken the past few days to examine our servers for sign of compromise.
We do not currently believe that we're the source of the data breach that resulted in these emails. With the evidence we have at the moment, augmented by independent work other researchers have done, we're reasonably confident the breach happened on another social network site at least several years ago. If the password in the email matches your Dreamwidth password or a password you've used on Dreamwidth in the past, it's because you used the password on that other site during the time period in question.
We won't name the site yet because they haven't made a public announcement confirming the breach, but if you receive an email containing a password of yours, you should:
* Change your password anywhere else you've ever used that password (or a variant that follows a predictable scheme, like Password+Sitename).
* Install a password manager such as 1Password or LastPass to keep track of your passwords for you, so that you can use unique, complex passwords for each site you have an account on without having to remember (or retype!) them -- this really cuts down on the temptation to use the same password on multiple sites, I've found!
* Sign up for Have I Been Pwned? alerts, or at least check any email address you use regularly in their database, to let you know if a compromised password of yours is being circulated or sold. (HIBP is a legit resource run by a security researcher, and it doesn't ask for or reveal any passwords, just your email address.)
We're leaving comments screened for this post, but if you have any questions, you can ask in our public support area if your question doesn't involve sensitive information, or email webmaster@dreamwidth.org if your question involves anything you don't want to be public.