Pwds

pvnk · 05-05-2016, 05:17 PM

http://www.iflscience.com/technology/mil...een-stolen

Something about a breach in popular email providers.

Gmail, Yahoo!, Hotmail, and Mail.ru (lol Russians) are affected. Primarily mail.ru though.

Boudica · 05-05-2016, 05:46 PM

Joy. Why aren't companies forcing password changes for users? Or is that not a practical solution?

The Collector is a very apt name huh?

insidious · 05-05-2016, 05:54 PM

I'm not sure if it's considered a breach. I read somewhere about this last night, it seems the guy was crawling leaked usernames/password combinations and adding them to a list. But he may have gotten into something, too. If he hacked all of Yahoo Gmail Mail.ru, and gotten that many email/pass combos out of it, that's pretty awesome actually.

Must have been doing it for a while, too, to have gotten so many of them.

Dismas · 05-05-2016, 05:55 PM

(05-05-2016, 05:54 PM)insidious15 Wrote: I'm not sure if it's considered a breach. I read somewhere about this last night, it seems the guy was crawling leaked usernames/password combinations and adding them to a list. But he may have gotten into something, too. If he hacked all of Yahoo Gmail Mail.ru, and gotten that many email/pass combos out of it, that's pretty awesome actually.

Must have been doing it for a while, too, to have gotten so many of them.

Agreed. Microsoft and Google would alert users.

mothered · 05-07-2016, 03:28 PM

This Is a perfect opportunity to social engineer account holders, for example, Gmail.

Simply claim to be a representative of the Email provider advising that their account Is susceptible to being compromised due to the breach, and that they will be receiving a 6 digit verification code to secure It. Then generate a verification code via Gmail's Recovery options (via "text" and not automated call. The SMS message doesn't denote It's purpose, the automated call does) to the account holder's cell phone and request to reply with the code so It's updated on their account.

Of course, once you receive the code, the objective Is to compromise the account. That's provided 2FA Is not enabled and a cell phone number Is added as a Recovery option on the account.

On topic, I'm just wondering the authenticity of the breach. I shall research further.

Akane · 05-07-2016, 03:41 PM

https://motherboard.vice.com/read/hacker...newsletter

Vice believes it's a load of shit.

mothered · 05-07-2016, 03:46 PM

(05-07-2016, 03:41 PM)Akane Wrote: https://motherboard.vice.com/read/hacker...newsletter

Vice believes it's a load of shit.

And that's coming from a reliable source.

Just reading It now.
Thanks for this, appreciated.

Ice · 05-07-2016, 03:49 PM

Seems nothing serious but i say change passwords and such just in case.

Hero · 05-07-2016, 08:25 PM

One of our main news websites just confirmed that it's complete bullshit.

mothered · 05-08-2016, 02:59 PM

(05-07-2016, 08:25 PM)Hero Wrote: One of our main news websites just confirmed that it's complete bullshit.

From what I Initially read, there was nothing really there to solidify any articles published.

So on those grounds, It's of no surprise If It was all hearsay.

Pwds
Author Message