01-18-2019
|
1 |
Super Moderator
Join Date: Aug 2011
Posts: 724
|
"Collection #1" Data Breach
Read about it here. Have I Been Pwned is a useful site for checking what breaches you are a victim of, made by the author of the previous link. As good a time as any to review your password/cyber security practices. |
01-18-2019
|
2 | |
Registered User
Join Date: Aug 2013
Posts: 3,204
|
The data breach that happened on Graal was actually a result of breaches like this. Because a lot of people end up being involved in a data breach and don’t even realize it, and people can pay money to access pastebins that have the emails/passwords etc and use that to access your other accounts since a lot of people reuse passwords (which you should never do). I’ll just repost what I wrote when the aforementioned incident occurred, because it contains helpful information that applies here (even if you’re unaffected)
|
|
01-19-2019
|
6 | |
Registered User
Join Date: Aug 2013
Posts: 3,204
|
Your information was involved in six separate data breaches, and four of those breaches have public pastebins with all the stolen data. Remember that time you got "hacked" on here? They just got your password by paying for access to one of the breached sites and then proceeded to try it on all of your accounts for everything. Had a Graal "hacker" threaten me with a pastebin password they got from an e-mail I used like 10 years ago. Same guy that did it to you, and who did it to get access to Toonslab supports data, by searching a globals e-mail and finding a bin to buy it from. Few notable "hackers" use this method - no hacking involved, just spending money. Became clear how they did it when he threatened me with the old e-mail I used, it was a throwaway account made for only one site so I knew exactly how and what they were doing. |
|
01-19-2019
|
8 |
Registered User
Join Date: Aug 2013
Posts: 3,204
|
Yes. The best form of two-step authentication is to use a phone number because it’s something you physically require that they couldn’t get their hands on. If you use an e-mail I would suggest creating a new e-mail specifically for 2FA, and don’t use it ANYWHERE. Make sure the e-mail it’s self is random and has no relation to you at all, as well with the password. If you only ever use it for 2FA there is no trace of it online so they wouldn’t know what e-mail to try and get into. It blurs the e-mail when it asks to send a code to it for 2FA so they wouldn’t see what it is even if they were trying to log into your account and got prompted to verify with the 2FA method you have set up. Some also work as QR codes. You download an Authenticator app (Microsoft/Google both offer a universal one in the Apple Store/Play Store) and then scan the QR code on screen, whenever you want to login you just open the Authenticator app and it’ll have a randomized code for you to put in (it consistently resets like every 10 seconds). Using 2FA will allow you to mark a computer or device as safe, so you won’t be required to do it every single time you login your home computer or phone. |
01-25-2019
|
10 |
The Eternal
Join Date: Apr 2017
Location: York Town
Posts: 1,152
|
Kinda always a good idea to check in and make sure you're not apart of a data breach, Found out my Town of Salem account was breached and from stuff I completely forgot I made an account for, Also found out my facebook account that I havent used in years was hacked by some asian people who are now my somewhat friends on Discord so that's something.
Last edited by Rusix; 01-26-2019 at 02:19 AM.
|
01-26-2019
|
11 |
Wanted Criminal
Join Date: Mar 2013
Location: █████████████
Posts: 126
|
This article that paints a decent picture of which breaches are in this bundle. https://krebsonsecurity.com/2019/01/...-is-years-old/ fun fact: a couple of my various email addresses showed up in this one (town of salemn xD) I made sure to change out the passwords, hasn't been the first time either. its a collection of older breaches that now are even more accessible. Just because its old doesn't mean much because a large % of people still don't change their passwords after seeing the news. |
01-31-2019
|
12 |
Bloodvayne
Join Date: Nov 2012
Posts: 4,087
|
holy. i just had a nightmare about getting hacked. my dream was about my paypal getting hacked and this hacker was using it on different sites and i keep getting email notifications. but i can't get on paypal acct and can't change pw. worst dream ever tbh.
|
01-31-2019
|
13 | |
The Eternal
Join Date: Apr 2017
Location: York Town
Posts: 1,152
|
|
|
02-01-2019
|
14 |
Bloodvayne
Join Date: Nov 2012
Posts: 4,087
|
it's cause i was conscience about it. even though i got hacked couple times, i still had couple pws that i repeat... while old scars never healed, i was still being ignorant about it, until that site completely confirmed that my data was leaked, that became a shock and appeared through my dreams.. so today i changed all of them. they're now all completely different.. i know the dream was semi realistic and even if that really happened, i could easily file fraudulent claims and get money back. but i can't control what i dream.. can i? |
02-17-2019
|
15 |
Bloodvayne
Join Date: Nov 2012
Posts: 4,087
|
EpicNPC + PlayerAuction are 100% "identity thieves". (since they advertise each other, I'm guessing they're affiliated/partners) Some people on Graalians already knows my whole story about PlayerAuction and how they stole my runescape, habbo accounts. This time it's EpicNPC. Today, my alt that I created for multi-purpose got critical security alerts from Gmail and It was attempted login notifications from some African countries. I have my documents for all the sites that I signed up and it was matching to EpicNPCs info. (This account was rarely used on sites, in fact, it was my Google review account) Anyways, idc if u use playerauction or epicnpc, but make sure it's all fake info + weird pw. also when u are trying to sell account, put fake info there as well. cause they don't even check. then u can msg the buyer the pw thru discord or something. |