
Pwned

According to the web site ';--have i been pwned?, my personal email and poorly encrypted password were hacked in the largest data breach of all time, that of Adobe.com back in October of 2013, when almost 153 million user accounts were downloaded by a hacker. Also, my account at Forbes.com was hacked in 2014, including my Dr. Conspiracy email address, password, username and website URL, according to have i been pwned? That breach netted about 1 million records. I was also burned by the 2013 Target hack, and the 2012 data breach at the South Carolina Department of Revenue (3.8 million tax records).

I checked my email with the pwned site today because there was another big data breach sometime last year that has just come to light. We don’t know where the data comes from (allegedly some dating service, but none admits to it), but it contains 52.5 million emails, MD5 hashed passwords, and usernames. Since this data is going for cheap ($400) on the Darknet, this is a big deal. You can read the story on ZDNet, “One of the biggest hacks happened last year, but nobody noticed.” That comes a day after it was disclosed that most of the users of mail.ru (57 million) had their account credentials hacked. I don’t have an account there!

While I do all I can (within reason) to protect this site, I learned today that I was running a vulnerable plug-in, not that this particular vulnerability would have compromised anyone’s account information. Updates to the plug-in became available today, and have been installed.


6 Responses to Pwned

  1. Craig HS May 7, 2016 at 7:21 am

    And yet, all the problems over the years with Birther websites and accounts have been nefariously perpetrated by Obots. Weird that!

  2. Dr. Conspiracy May 7, 2016 at 3:58 pm

    Anybody who runs their own web site and doesn’t keep their software up to date is asking for trouble.

    Craig HS: Weird that!

  3. traderjack May 7, 2016 at 6:35 pm

    my daughter was hacked last year, and they got 10,000 cc cards from the server, the server was hit with a program that sent the info from the final report to the hacker.

    $8,000 attorney fees, 35 submissions to State Attorney generals explaining the problem.

    not very nice thing to happen!

    then she gets hit with the brute force attacks and has about 50-60 attempts an hour from all over the world

    I got hit with ransomware, and simply shut off the computer without responding and it seemed to clear it out. Did a system restore, and had no problem

    Might be simpler to buy new computer these days

  4. gorefan May 7, 2016 at 7:28 pm

    traderjack:
    my daughter was hacked last year, and they got 10,000 cc cards from the server, the server was hit with a program that sent the info from the final report to the hacker.

    $8,000 attorney fees, 35 submissions to State Attorney generals explaining the problem.

    not very nice thing to happen!

    then she gets hit with the brute force attacks and has about 50-60 attempts an hour from all over the world

    I got hit with ransomware, and simply shut off the computer without responding and it seemed to clear it out. Did a system restore, and had no problem

    Might be simpler to buy new computer these days

    Thanks Obama

  5. Dr. Conspiracy May 8, 2016 at 8:07 am

    A system restore is the way to handle ransomware. A problem now is that Windows 10 uses a file history as its primary backup mechanism, and there’s nothing to prevent ransomware from encrypting that too. The full image backup is available, but not in a prominent location.

    traderjack: I got hit with ransomware, and simply shut off the computer without responding and it seemed to clear it out. Did a system restore, and had no problem

  6. The Magic M (not logged in) May 12, 2016 at 6:08 am

    I have quite a massive backup scheme that, among many other things, protects me from ransomware:

    1. PC is backed up daily to a NAS
    2. NAS is backed up daily to another location on the NAS
    [these both are to protect me from human errors, like deleting a file I didn’t want to delete; plus it protects me from the PC failing]
    3. NAS is backed up daily (encrypted) to a USB drive with a high version retention (20+ versions)
    [this protects me from ransomware as I will still have the previous versions, and a virus can’t access the USB drive from the PC; also of course it protects me from both the PC and the NAS failing]
    4. Most important files are backed up weekly to two large USB sticks (256 GB) which are stored outside my apartment
    [this protects me from all hard disks failing at once, or other loss of hardware (fire, burglary)]

    Of course the last step wouldn’t work for huge amounts of data (I have a 6 TB RAID 1 with about 3 TB of movies, 1 TB of photos, 200 GB of music and 400 GB of other data, like software, documents etc. and store only the most valuable photos and documents outside the apartment).