According to the web site, ‘;–have i been pwned? my personal email and poorly encrypted password was hacked in the largest data breach of all time, that of Adobe.com back in October of 2013 when almost 153 million user accounts were download by a hacker. Also my account at Forbes.com was hacked in 2014 including my Dr. Conspiracy email address, password, username and website URL according to have i been pwned? That breach netted about 1 million records. I was also burned by the 2013 Target hack, and the 2012 data breach at the South Carolina Department of Revenue (3.8 million tax records).
I checked my email with the pwned site today because there was another big data breach sometime last year that has just come to light. We don’t know where the data comes from (allegedly some dating service, but none admits to it), but it contains 52.5 million emails, MD5 hashed passwords, and usernames. Since this data is going for cheap ($400) on the Darknet, this is a big deal. You can read the story on ZDNet, “One of the biggest hacks happened last year, but nobody noticed.” That comes a day after it was disclosed that most of the users of mail.ru (57 million) had their account credentials hacked. I don’t have an account there!
While I do all I can (within reason) to protect this site, I learned today that I was running a vulnerable plug-in, not that this particular vulnerability would have compromised anyone’s account information. Updates to the plug-in become available today, and have been installed.