The addresses - and in some cases associated passwords - have apparently been gathered to help spread banking malware.
http://www.bbc.co.uk/news/technology-41095606
Article says you can check to see if your email address is on that list via:
https://haveibeenpwned.com/
Mine is not on that list.
Replies sorted oldest to newest
Just a quick question.
How do we know the checking site is legit and if they are not 'scooping' email addresses.??
Enthusiastic Contrafibularities posted:
Just a quick question.
How do we know the checking site is legit and if they are not 'scooping' email addresses.??
A very valid question and one that had crossed my mind before I posted above. The site was created in December 2013 by Troy Hunt, a web security expert.
https://en.wikipedia.org/wiki/Have_I_Been_Pwned%3F
The site has been in the papers before, for instance in the Mail in December 2015
http://www.dailymail.co.uk/sci...-Ashley-Madison.html
Note that the site is an https one indicating that the data you submit to it is sent more securely than a http site.
El Loro posted:I also checked the email address of someone I know where I've had spam emails supposedly from them in the past and the site did confirm that their email address had been identified as at risk.
I checked my works email first. 
Then I made one up very similar and it came up clean, so I figure from that small test it seems to be working as described.
My personal ones all came up pwned. So I guess for safeguarding purposes I will get onto a known clean device (I have a ghost image of my computer) and reset some of my pa55w0rd5.
Mine has been scooped so what do I do???
Saint posted:Mine has been scooped so what do I do???
I have no idea, Sainty, but this quote is from the BBC article:
"I recommend you to change your password, and be more vigilant with the emails that you receive, now you know that you're on malware deliverers' lists," he said.
Saint posted:Mine has been scooped so what do I do???
Do what I have done. Use a known clean device, logon to all affected accounts and change the passwords.
Passy changed 
Saint posted:Passy changed
I'm going one further and changing some of my website passwords like GaGaJoyJoy for example.
Enthusiastic Contrafibularities posted:Saint posted:Passy changed
I'm going one further and changing some of my website passwords like GaGaJoyJoy for example.
They could steal your flounce
Imagine that !!!
Saint posted:Enthusiastic Contrafibularities posted:Saint posted:Passy changed
I'm going one further and changing some of my website passwords like GaGaJoyJoy for example.
They could steal your flounce
Imagine that !!!
My new password for GGJJ is based on a SHA512 Hash.
056C95AB23358AB9ED29158D9DB92AF86C06BC79AB4808181C06DF92615870B4DB780DC557A8B0532E8F7DFE412072BF58A71D1BB3D8C10525A1F85965C3CFB4
Mine was based on a friends dog 
Saint posted:Mine was based on a friends dog
Rover
Fido
Spot
Colin
Colin 
All I can reveal is that he has half a pink lip and half a brown lip LOL
I'm fed up having to change all these ruddy passwords
I forget what I chose
Tried a few accounts, all came up clear.
Saint posted:Colin
All I can reveal is that he has half a pink lip and half a brown lip LOL
I'm fed up having to change all these ruddy passwords
I forget what I chose
Ah! So it's 'halfpinkhalfbrown' . Now just to work out where the Capital letter(s) is/are and what the numbers are and whether there are 'special characters'.........back in a jiffy! 
Thanks for posting this thread, El Loro. As some of you will know, I've been on holiday and without internet access, so there's little I could do about this until now.
A colleague informed me about haveibeenpwnd a while back and I was "clean" then, but it looks like this latest hack has finally caught me - so: new password time... 
My lesser-used address is still clean, but I see my work email has finally been pwnd too - not that I'll be the only one there. 
Quite a few colleagues were caught in previous hacks, so I'll probably check a few other addresses, but wait till I'm back at work and able to see what action IT are taking before I escalate things (needless to say, company policy enforces 90-day password changes, and I'm due soon anyway).
Thanks El Loro 
