
gmail passwords leaked

Aw damnit. I forgot to bring a temporary code with me to work, now I can't log in to my Gmail -- stopped bringing my cell phone everyday a while back because it's bulky.

wtf what is the point of having a mobile
 
No they didn't...at least not through Apple or Google servers/services. They phished, engineered users, infected user systems, cracked other weaker sites or whatever else, but neither Apple nor Google servers or services were breached.

You don't gain access to thousands of accounts in a single instant through phishing. There's more to it than these companies are willing to admit.
 
You don't gain access to thousands of accounts in a single instant through phishing. There's more to it than these companies are willing to admit.

From what I've read, just like the fappening, it likely wasn't a single instance collection. Instead it's a collection from other compromised websites where people used the same login credentials.
 
From what I've read, just like the fappening, it likely wasn't a single instance collection. Instead it's a collection from other compromised websites where people used the same login credentials.

don't try to reason with it, you're wasting your time 😉
 
Mine is on it, but none of the passwords match up to anything I've ever used. Weird.
 
Aw damnit. I forgot to bring a temporary code with me to work, now I can't log in to my Gmail -- stopped bringing my cell phone everyday a while back because it's bulky.

and this is why I don't use 2 factor authentication. I'd rather do it with a password/gpg key combo. That way doesn't rely on a specific electronic device to access the account.

As to the why .7z... 7z is my cross platform archive of choice for large files. Small stuff I use zip, and for GNU/Linux only, I use tar.gz. Rar is anti-social, and shouldn't be used for anything.
 
I also don't use 2-step verification, and don't plan to. Maybe if I get bitten I'll start. It's a tradeoff for me - phone number is a personal information that I'm unwilling to provide to 3rd parties like Google, Facebook, Microsoft etc. who seem to be in business of collecting such info. And the gain is some extra security, and not that much since by far the biggest threat to me is someone getting hold of my phone.

Using an authenticator app doesn't give anyone your phone number. But if you are using a smartphone, there are apps like Facebook (and others, including some potentially shady ones) which can see your phone number and contacts unless you specifically block access using root privacy controls like XPrivacy or App Ops on Android.

Now if you are using a dumb phone, you are safe from that. I think there's even a standalone Java-based authenticator application that works for some feature phones, though.

People should be turning on encryption on any and all smartphones, including microSD encryption if your hardware supports microSD. Especially if you sell or give away your old phones, because it's possible for someone to recover data off them even if you factory reset.
 
From what I've read, just like the fappening, it likely wasn't a single instance collection. Instead it's a collection from other compromised websites where people used the same login credentials.

Hmmm did not realize that's what it was, the news is very misleading then as they seem to say it's google that got hacked. I think it's more important to know which site got hacked and the blame should be on them, not Google. The news makes it sound like it's gmail that got hacked.
 
The website I used to check my address tells me that they do not filter the periods out of the leaked usernames or the search queries. Because Google IGNORES periods and will deliver n.a.m.e@gmail.com or na.me@gmail.com to name@gmail.com, a lot of people will THINK they are safe when they check and may not change their passwords!

Even if you use [first initial].[lastname]@gmail.com as your email, the leaked list may have the period filtered out. You will have to search for your email with and without the dot! If, like me, you sometimes used the quirk to sign up for something with a variant of your typical address, you may find it impossible to reliably check using that tool. Why might someone do that? To use the same email to register for something a second time or use it to identify who leaked your email ("I only used that variant of my gmail address on that one particular website and now I'm getting seemingly unrelated spam with that same arrangement of periods in the username!").
 
Forgot about the period issue. Can use some text manipulation commands like tr in Linux to get rid of it.

I hope you guys aren't actually inputting your addresses on these random sites, right? :| I would not really trust those. Use the list posted a while ago and just do a grep search.

Something like this:

Code:
# strip the dots from the list first, then search for your username typed without dots
tr -d "." < google_5000000.txt | grep -i [username]

Mine is not in there so I'm good. Though, not sure how accurate that list is.

I don't really use gmail though but it is tied to a few things I used like adsense and youtube, so I changed my password anyway to be safe.

In fact I should go around and change ALL my passwords for all services. For most things I use a password database anyway and don't actually know them by heart.
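The dot-insensitive lookup discussed in the two posts above, as an added example that is not part of either post: it canonicalizes both the address being checked and every list entry before comparing, entirely offline. The function names, the sample file and the assumed list format (one address per line, optionally followed by `:` and other fields) are assumptions made for illustration.

```sh
# Canonicalize an address: lowercase it and, for gmail.com only, drop the
# dots from the local part. Dots stay significant for other domains.
canon_gmail() {
    printf '%s\n' "$1" | awk -F'@' '{
        local_part = tolower($1); domain = tolower($2)
        if (domain == "gmail.com") gsub(/\./, "", local_part)
        print local_part "@" domain
    }'
}

# Return 0 if any entry in list file $2 canonicalizes to the same address as $1.
# Only the address field is read; anything after ":" is ignored and never printed.
leak_has() {
    _want=$(canon_gmail "$1")
    awk -F':' -v want="$_want" '
        {
            n = split(tolower($1), p, "@")
            if (n != 2) next                          # skip malformed lines
            if (p[2] == "gmail.com") gsub(/\./, "", p[1])
            if ((p[1] "@" p[2]) == want) { found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    ' "$2"
}

# Constructed sample list (not real leaked data).
sample=$(mktemp)
cat > "$sample" <<'EOF'
j.doe@gmail.com
Na.Me@Gmail.com:redacted
alice@example.org
EOF

for addr in name@gmail.com jdoe@gmail.com n.a.m.e@gmail.com a.lice@example.org; do
    if leak_has "$addr" "$sample"; then
        echo "$addr: listed"
    else
        echo "$addr: not listed"
    fi
done
```

Unlike a plain `grep`, the comparison is an exact match on the whole canonical address, so a short username does not produce hits on longer addresses that merely contain it.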
 
Using an authenticator app doesn't give anyone your phone number. But if you are using a smartphone, there are apps like Facebook (and others, including some potentially shady ones) which can see your phone number and contacts unless you specifically block access using root privacy controls like XPrivacy or App Ops on Android.
When I go to Google Authenticator web site, the first step is:

Setting up the app

1. If you haven’t already, complete the SMS/Voice setup and enroll your account in 2-Step Verification using your phone number.


Are you saying I can skip this step?
And the need to download barcode scanner app is also offputting...

I don't have facebook app, I only installed and used 3-4 apps in the last 3 years. Google can probably get to my number since I have an android phone and I need to use google account for Play Store. But technically they shouldn't associate it with google account. I'm still pissed how linked-in pulled in my gmail contacts even though I (thought I) was careful not to allow this on both linkedin and gmail. I must've missed some small print somewhere at some point, I've seen some lawsuit against linkedin at the time too...

It's like backups, I do them very infrequently. I need to get burned to get my lazy ass moving...
 
Hmmm did not realize that's what it was, the news is very misleading then as they seem to say it's google that got hacked. I think it's more important to know which site got hacked and the blame should be on them, not Google. The news makes it sound like it's gmail that got hacked.

Very misleading. It was actually a wide majority of the Internet, including Google, who were infiltrated during Heartbleed.

Not only that...

Google knew about Heartbleed for around a month and never told anyone
http://bgr.com/2014/04/15/google-heartbleed-security-patch/

GRC: Google Chrome Only Blocks 3% of Sites Compromised by Heartbleed. Yikes!
http://news.softpedia.com/news/GRC-...-Sites-Compromised-by-Heartbleed-439928.shtml

And while Apple wasn't affected directly by Heartbleed, the Gotofail bug did trick iOS and Mac devices into accepting invalid SSL certificates....

Apple's 'goto fail' tells us nothing good about Cupertino's software delivery process
http://www.zdnet.com/apples-goto-fa...ertinos-software-delivery-process-7000027449/

Let's also remember the Android's WebView exploit that provided *full control* of remote devices. Hackers developed tools that allowed virtually anyone to exploit this flaw, of which a majority of Android devices still appear vulnerable.

New Android 'Fake ID' flaw empowers stealthy new class of super-malware
http://appleinsider.com/articles/14...empowers-stealthy-new-class-of-super-malware-

End-users have short memories and hackers capitalize on that fact.
 