Community Champion

Collection #1 data dump

YAPDD (Yet Another Password Data Dump)

 

"Collection #1" is the latest huge mass of email addresses, passwords, and miscellaneous files that privacy and security researchers are expressing concerns about.  If you re-use email addresses and passwords to access a lot of different sites, then you may be open to identity theft and other attacks.  Another report here.  And another.

 

You can check Have I Been Pwned? (HIBP) to see if your email address has been found in one of these files (although it won't tell you where it's been found or with what password).  It does have a separate page where you can search to see if your password has been found in a dump, but not what email address it's associated with.  That's probably good for privacy issues, but it isn't all that helpful when trying to find out if you are actually in any danger.

 

I had a look at the list of sites from which the data was collected.  Nothing jumped out at me in terms of sites that I have used or visited.  I did notice an awful lot of the sites are Russian, and that a lot of them seem to relate to job searching.


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
2 Replies
Community Champion

Re: Collection #1 data dump

Very good - an opportunity to use a password manager and change all those passwords with very strong construction techniques. 

 

I found a few on my LinkedIn account, so I have gone through the obligatory exercise.

 

Regards

 

Caute_cautim


@rslade wrote:

YAPDD (Yet Another Password Data Dump)

 

"Collection #1" is the latest huge mass of email addresses, passwords, and miscellaneous files that privacy and security researchers are expressing concerns about.  If you re-use email addresses and passwords to access a lot of different sites, then you may be open to identity theft and other attacks.  Another report here.  And another.

 

You can check Have I Been Pwned? (HIBP) to see if your email address has been found in one of these files (although it won't tell you where it's been found or with what password).  It does have a separate page where you can search to see if your password has been found in a dump, but not what email address it's associated with.  That's probably good for privacy issues, but it isn't all that helpful when trying to find out if you are actually in any danger.

 

I had a look at the list of sites from which the data was collected.  Nothing jumped out at me in terms of sites that I have used or visited.  I did notice an awful lot of the sites are Russian, and that a lot of them seem to relate to job searching.


 

Community Champion

Re: Collection #1 data dump

 

Thank God for password management. Something else that would help in not getting victimized by stuff like this is multi-factor authentication...

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz