passwords and hash keys in the wild - a question
I have some data that’s been exposed. I can see some recognisable passwords - so that’s fine, I know where I stand, ... but then there are these hash keys.
Can someone more informed than me advise if the passwords in the hash remain safe because, even though the hash is exposed, it cannot be opened?
Comments
-
Hello @green4parrot! 👋
I'm sorry that some of your information may have been compromised. So that I can provide the best advice, can you tell me a little more about the situation? Was this a breach that you were warned about by 1Password's Watchtower feature? What exactly was breached? One of your devices? Or a particular service that you're using?
I look forward to hearing from you.
-Dave
0 -
Thank you for your response. These are fairly old breaches that came to my attention via Watchtower. I had pretty much ignored these breaches because I have unique passwords and as far as I could ascertain the only issue was the username, i.e. emails were out in the wild. I had been getting increasingly sexually explicit spam, so this and spam generally was the only outcome of these security breaches (e.g. like the ancient Adobe breach). [Of course there are other possibilities] Anyway, I lost patience with this and have slowly gone through my 1Password database and removed/changed where I can the offending emails as usernames and typically replaced them with masked emails. I seem to now have less spam on the offending email accounts, but this is probably just coincidental. What I really wanted to understand was that in LeakPeek there were some usernames and passwords exposed, but in other cases the username and hash were exposed. The hash is meant to be secure? So does this mean if the bad guys just get a hash there is no easy way to get the underlying password? I look forward to hearing your expert feedback. Thank you!
0 -
@green4parrot If you refer to the Watchtower information about compromised user accounts, you're safe if you change the passwords on the corresponding websites. If you followed best practice and have unique passwords for all of your accounts, that's fairly simple. If you don't have unique passwords for all your accounts, you need to change all passwords on all accounts where you have the same password. Take this as an opportunity to change all of these into unique passwords.
Increased spam is not the sign of such a breach. It also doesn't help to change the username on some website and expect spam will reduce, because the spammers have big email address databases they just use for their mails. Once they have your "real" email address, which seems to be the case, it will be spammed forever. We all suffer from that, globally, every single person in the world who uses email.
If you actually get spam in your email inbox, consider changing your email provider. Good email providers are able to filter almost all spam. More than 1-2 spam messages per week in your regular inbox is usually a sign of bad spam filtering on your email provider's side.
0