The sheer stupidity of it all re: breached logins

wkleem

I've read in the local newspaper about a 9GB cache of compromised or potentially compromised logins (focusing on local logins) much like Troy Hunt's HIBP. However, unlike Hunt's HIBP, no site was mentioned, not that I would trust a dodgy site, but still...

From Reddit:

https://reddit.com/r/singapore/comments/8eg4pd/premiumcheck_online_to_see_if_your_email_details/

There is a site mentioned in reddit, but not in the print version or, presumably, the paid (subscription) version.

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Ben

I agree with the comments in this thread:

https://www.reddit.com/r/singapore/comments/8eg4pd/comment/dxuxpak

:)

Ben

wkleem

Thanks @Ben.

Ben

:+1:

Ben

wkleem

WOW! 1Password is mentioned in one of the comments by “darklajid”

Ben

Saw that. :)

Ben

wkleem

Also emailed Troy Hunt but I am uncertain if he will respond. Both of you, Troy Hunt and Agilebits, do great work.

prime

I’ll have to check this out. I never liked how Reddit’s lay out is. I get annoyed and leave :lol:

Ben

Thanks, wkleem.

Ben

Ben

@prime

I’ve grown acustom to it and for the most part quite like it now. The mobile app / site is pretty rough IMO but the desktop site is not bad. :)

Ben

wkleem

Troy Hunt replied it is old news to him. He even wrote a blog post.

"Yeah, I saw that site pop up a while ago. The 1.4B list is totally blow out of proportion: https://www.troyhunt.com/making-light-of-the-dark-web-and-debunking-the-fud

All those passwords are also already searchable here: https://haveibeenpwned.com/Passwords'

All of it is in Pwned Passwords although 9GB and 1.4B? Must be a lot of redundant info there.

@Ben, Reddit on desktop is fine but I have not tried Reddit Mobile.

AGAlumB

Indeed, I bet Troy's database has a lot of redundancy at this point, as there are only so many weak passwords to go around. Certainly some strong ones have been compromised as well in website breaches, but there are plenty more where those came from. Cheers! :)

wkleem

I have been confused with Pwned Passwords and Have I Been Pwned, both from Hunt. It's likely the same?

Ben

I suppose that would be a better question for Troy. I’m not intimately familiar with the differences in his offerings.

Ben

wkleem

I've emailed him and replied but he may or may not reply a subsequent time.

Ben

:+1:

Ben

jpgoldberg

Although everyone posting here already knows, let me explicitly state that you should be very wary of entering any of your passwords into anything other than the site or service for which it is used.

HIBP uses a protocol while we've evaluated, and we know exactly what information we send to the service. (We do not send passwords.) There is a small information leak when using HIBP, but it is small and known.