Posted to uk.d-i-y
Scott

O/T: internet security question (leaked details)

On Tue, 21 Jul 2020 17:13:44 +0100, John Rumm
wrote:

On 20/07/2020 09:58, Scott wrote:
On Mon, 20 Jul 2020 08:17:42 +0100, Richard
wrote:



Stick the email address in here: https://haveibeenpwned.com


Four breaches, only one makes any sense and you have to subscribe to
find out more details.


There is no subscription as such unless you wish to purchase API level
access.

Looks like a con to me.


Which just demonstrates that you should not rely on your intuition in
these matters :-)

(go do some research on Troy Hunt)

In any case, if the breach only amounts to my email address (which
is pretty widely circulated anyway) and the specific password for
the compromised site (which has presumably reset the passwords
anyway), I don't see a problem.


If that were all that was available, then there would be a massive
problem... however in reality it is *much* worse!

Have a look through some of the names in here:

https://haveibeenpwned.com/PwnedWebsites


e.g.


Experian

In September 2015, the US based credit bureau and consumer data broker
Experian suffered a data breach that impacted 15 million customers who

[snip]

Breach date: 16 September 2015
Date added to HIBP: 6 September 2016
Compromised accounts: 7,196,890
Compromised data: Credit status information, Dates of birth, Email
addresses, Ethnicities, Family structure, Genders, Home ownership
statuses, Income levels, IP addresses, Names, Phone numbers, Physical
addresses, Purchasing habits



Vodafone

In November 2013, Vodafone in Iceland suffered an attack attributed to
the Turkish hacker collective "Maxn3y". The data was consequently
publicly exposed and included user names, email addresses, social
security numbers, SMS message, server logs and passwords from a variety
of different internal sources.

Breach date: 30 November 2013
Date added to HIBP: 30 November 2013
Compromised accounts: 56,021
Compromised data: Credit cards, Email addresses, Government issued IDs,
IP addresses, Names, Passwords, Phone numbers, Physical addresses,
Purchases, SMS messages, Usernames


Would each of these sites not require to make customers aware at the
time? I'm sure Experian did.