Graalians

Graalians (https://www.graalians.com/forums/index.php)
-   Technology (https://www.graalians.com/forums/forumdisplay.php?f=54)
-   -   "Collection #1" Data Breach (https://www.graalians.com/forums/showthread.php?t=41220)

Jarace 01-18-2019 01:47 AM

"Collection #1" Data Breach
 
Read about it here.

Have I Been Pwned is a useful site for checking what breaches you are a victim of, made by the author of the previous link.

As good a time as any to review your password/cyber security practices.

Colin 01-18-2019 02:36 AM

The data breach that happened on Graal was actually a result of breaches like this. Because a lot of people end up being involved in a data breach and don’t even realize it, and people can pay money to access pastebins that have the emails/passwords etc and use that to access your other accounts since a lot of people reuse passwords (which you should never do).

I’ll just repost what I wrote when the aforementioned incident occurred, because it contains helpful information that applies here (even if you’re unaffected)
Quote:

Posted by Colin (Post 823988)
In light of this you should:
  • You should reset the password of any accounts that use this same password (Like personal mail). The effect of this breach is made worse if you reused the same passwords. Like If your Graalonline Support password was the same as your Game password, hackers can potentially access your Graalonline account.
  • You should ignore any Email asking for your Graalonline password or asking you to access a Web site. If you receive such Email or have any questions please contact [email protected]

It is important to create a strong and secure password in order to prevent things like this from happening.

A strong password:
  • Is at least eight characters long.
  • Contains a mix of letters, numbers and characters.
  • Does not contain your user name, real name, or company name.
  • Does not contain a complete word.
  • Is significantly different from previous passwords.

Another important step for staying secure is two-step authentication, when you enable 2-Step Verification, you add an extra layer of security to your account. You sign in with something you know (your password) and something you have (a code sent to your phone, another e-mail, etc) so even if your password is breached they can not access it without the second verification method.

For more information on staying secure this site outlines some helpful information: http://www.whoishostingthis.com/reso...ernet-security.


Perseus 01-18-2019 02:45 AM

Holy ****in **** Batman

The Doctor 01-18-2019 11:42 PM

I got the email. I encourage everyone to sign up to Troy Hunt’s mailing list. Also, never reuse passwords, use a password manager, and be smart.

Zetectic 01-18-2019 11:56 PM

Quote:

Main email address:
"Oh no — pwned!
Pwned on 4 breached sites and found no pastes (subscribe to search sensitive breaches)"
Quote:

Game email address:
"Oh no — pwned!
Pwned on 6 breached sites and found 4 pastes (subscribe to search sensitive breaches)"
Quote:

Alt gaming address has no breach.
Quote:

Also a surprise result from my 'whatever' acct, where i use that email on any 'suspicious sites' that i don't wanna give my info to, but it has no breach
... very bad result from first two emails. though all the pw have been changed since i've been hacked like 3 times, not counting smaller ones (like pw attempts). <-it's like aftershock effect after the earthquake. nowadays, i keep a document w/ all diff pws. but it's so annoying whenever i gotta get on to see the pw.

btw, what does it exactly mean to have "6 breached sites" and "4 pastes"?
does that mean they got my data from 6 hacked sites and shared 4 times?

Colin 01-19-2019 04:40 AM

Quote:

Posted by Zetectic (Post 823998)
btw, what does it exactly mean to have "6 breached sites" and "4 pastes"?
does that mean they got my data from 6 hacked sites and shared 4 times?

Yes.

Your information was involved in six separate data breaches, and four of those breaches have public pastebins with all the stolen data. Remember that time you got "hacked" on here? They just got your password by paying for access to one of the breached sites and then proceeded to try it on all of your accounts for everything. Had a Graal "hacker" threaten me with a pastebin password they got from an e-mail I used like 10 years ago. Same guy that did it to you, and who did it to get access to Toonslab supports data, by searching a globals e-mail and finding a bin to buy it from.

Few notable "hackers" use this method - no hacking involved, just spending money. Became clear how they did it when he threatened me with the old e-mail I used, it was a throwaway account made for only one site so I knew exactly how and what they were doing.

Sir Travis 01-19-2019 12:32 PM

Does two step authentication stop these forms of attack?

Colin 01-19-2019 12:56 PM

Quote:

Posted by Sir Travis (Post 824012)
Does two step authentication stop these forms of attack?

Yes.

The best form of two-step authentication is to use a phone number because it’s something you physically require that they couldn’t get their hands on.

If you use an e-mail I would suggest creating a new e-mail specifically for 2FA, and don’t use it ANYWHERE. Make sure the e-mail it’s self is random and has no relation to you at all, as well with the password. If you only ever use it for 2FA there is no trace of it online so they wouldn’t know what e-mail to try and get into. It blurs the e-mail when it asks to send a code to it for 2FA so they wouldn’t see what it is even if they were trying to log into your account and got prompted to verify with the 2FA method you have set up.

Some also work as QR codes. You download an Authenticator app (Microsoft/Google both offer a universal one in the Apple Store/Play Store) and then scan the QR code on screen, whenever you want to login you just open the Authenticator app and it’ll have a randomized code for you to put in (it consistently resets like every 10 seconds).

Using 2FA will allow you to mark a computer or device as safe, so you won’t be required to do it every single time you login your home computer or phone.

Sir Travis 01-19-2019 01:05 PM

Hooray for the two step :D

And thanks for the info, this was a real eye opener

Rusix 01-25-2019 07:08 PM

Kinda always a good idea to check in and make sure you're not apart of a data breach, Found out my Town of Salem account was breached and from stuff I completely forgot I made an account for, Also found out my facebook account that I havent used in years was hacked by some asian people who are now my somewhat friends on Discord so that's something.

captainhaxs 01-26-2019 02:37 AM

This article that paints a decent picture of which breaches are in this bundle.
https://krebsonsecurity.com/2019/01/...-is-years-old/
fun fact: a couple of my various email addresses showed up in this one (town of salemn xD) I made sure to change out the passwords, hasn't been the first time either.
its a collection of older breaches that now are even more accessible.
Just because its old doesn't mean much because a large % of people still don't change their passwords after seeing the news.

Zetectic 01-31-2019 05:50 PM

holy. i just had a nightmare about getting hacked. my dream was about my paypal getting hacked and this hacker was using it on different sites and i keep getting email notifications. but i can't get on paypal acct and can't change pw. worst dream ever tbh.

Rusix 01-31-2019 11:40 PM

Quote:

Posted by Zetectic (Post 824121)
holy. i just had a nightmare about getting hacked. my dream was about my paypal getting hacked and this hacker was using it on different sites and i keep getting email notifications. but i can't get on paypal acct and can't change pw. worst dream ever tbh.

You..Have some pretty unusual nightmares, Atleast they are somewhat semi-realistic so atleast you fear real world issues. But you i wouldn't worry about that if i was you, Paypal things like that are fairly simple to fix up, I've had someone hack my paypal a few years back.

Zetectic 02-01-2019 07:08 AM

it's cause i was conscience about it. even though i got hacked couple times, i still had couple pws that i repeat... while old scars never healed, i was still being ignorant about it, until that site completely confirmed that my data was leaked, that became a shock and appeared through my dreams.. so today i changed all of them. they're now all completely different..

i know the dream was semi realistic and even if that really happened, i could easily file fraudulent claims and get money back. but i can't control what i dream.. can i?

Zetectic 02-17-2019 11:18 PM

EpicNPC + PlayerAuction are 100% "identity thieves". (since they advertise each other, I'm guessing they're affiliated/partners)
Some people on Graalians already knows my whole story about PlayerAuction and how they stole my runescape, habbo accounts.

This time it's EpicNPC.
Today, my alt that I created for multi-purpose got critical security alerts from Gmail and It was attempted login notifications from some African countries. I have my documents for all the sites that I signed up and it was matching to EpicNPCs info. (This account was rarely used on sites, in fact, it was my Google review account)

Anyways, idc if u use playerauction or epicnpc, but make sure it's all fake info + weird pw. also when u are trying to sell account, put fake info there as well. cause they don't even check. then u can msg the buyer the pw thru discord or something.


All times are GMT. The time now is 01:43 AM.

Powered by vBulletin/Copyright ©2000 - 2020, vBulletin Solutions Inc.