Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


A lot of PWned web services notification
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

A lot of PWned web services notification

Recently I received several email notification from websites that they have incident with unauthorized access, like ShopBack and MEGA, also asking me to reset the password. MEGA claim that many web services has been pwned.

Actually I rarely use those services. Do yo think I should reset my password?

MEGA - https://i.gyazo.com/2bb123e5b49cec834c1a892459ecfa77.jpg

ShopBack - https://i.gyazo.com/514404606901aed91c6e4ed4cdb3aef7.png

Comments

  • dfroedfroe Member, Host Rep
    edited September 2020

    @chocolateshirt said: Do yo think I should reset my password?

    Why not?
    I mean, setting a new random password and updating your password safe shouldn't be a big deal.

    Thanked by 1chocolateshirt
  • You are right, I will check my old account there..

  • jlayjlay Member
    edited September 2020

    While you're at it, use a different password everywhere. Take your pick at a password management tool, just avoid passwords.txt. I use a derivative of Bitwarden. It's like one of those paid services (eg: LastPass), but free and you can control the data.

    I've also started using email aliases with random vendors (eg: me+vendor@mydomain) - depending on your email provider this is an easy way to have many identities.

    An added benefit is you can sometimes see who sold you out (eg: an advertisement sent to your vendor alias from someone completely different).

  • jackbjackb Member, Host Rep
    edited September 2020

    @jlay said:
    just avoid passwords.txt.

    Devils advocate but I would suspect passwords.txt on Karen's desktop is less likely to get abused for a serious breach than a post it note on her monitor.

    Of course, ideally procedures would be in place to encourage a password manager instead; but - baby steps.

    I would imagine local files are more likely to be target for automated attacks - crypto locker and the like. Something in person is a lot more dangerous.

  • @jackb said:

    @jlay said:
    just avoid passwords.txt.

    Devils advocate but I would suspect passwords.txt on Karen's desktop is less likely to get abused for a serious breach than a post it note on her monitor.

    Of course, ideally procedures would be in place to encourage a password manager instead; but - baby steps.

    I would imagine local files are more likely to be target for automated attacks - crypto locker and the like. Something in person is a lot more dangerous.

    True, but I worry more about mistakenly destroying the file or simply losing track of it. Backing it up becomes a liability (was it encrypted? when?)

    Every little bit helps though - baby steps like you said

Sign In or Register to comment.