Pwned Passwords

Posted 3rd Oct
I use my company laptop for most of my online shopping/banking/browsing and almost anything to do with the internet, as I thought it had adequate protection. However, I received a notification from the AVAST password checker that they have found my username and password on the dark web, but not where they would work.

I don't use the same passwords and have easily been able to track down which password is associated with which site and changed them. I refuse to disclose any personal details to anyone who calls me.

I normally allow Chrome to suggest a password or use a password of up to 20 characters.

Our company uses Symantec Endpoint Protection, but I'm puzzled how this hasn't detected any malicious software.

Or could there be more leaks happening which these companies are not reporting?
7 Comments
If you are using Chrome as a password manager you should be okay. Have you tried a site such as Have I Been Pwned? That would generally tell you where your username and password leak is from, but it isn't the most detailed database.
I had a look there, but the only one I could find was a Netflix one from August 2019, but the dump has since been deleted, and it doesn't list any of the most recent ones that Avast reported.
samosa, 03/10/2019 23:44:

"I had a look there, but the only one I could find was a Netflix one from August 2019, but the dump has since been deleted, and it doesn't list any of the most recent ones that Avast reported."


Also try Leaked Source. It's highly likely that they just found your details on a combo list as opposed to the source of the hack. The site may not have publicly announced the data breach or may not even be aware of it.
Thanks, will check it out.
Basically use individual passwords for all sites and use 2FA where possible, especially on email accounts. Passwords should be complex and don’t use browser password managers as these are extremely poor and easy to gain access to.

You should have multiple email accounts and link your secure items such as bank etc. to an email address you do not use for anything else, and have another email address for rubbish like Facebook and forums etc. That way, if it’s compromised they will only get an email address and a password specific to the site, and no chance of getting access to your bank etc. from the details. When using forums, register with slightly different info such as DOB etc. so if it’s breached it’s not real info.

Symantec endpoint couldn’t catch a cold btw. It’s next to useless. We had it in my workplace and it rarely ever found anything unless it was something that had been going around for 5 years or so.

When using payment cards use something like Revolut online as it’s easy to block if a site gets compromised.
Edited by: "cmdr_elito" 4th Oct
What cmdr_elito said.

I use my Virgin Media email account for eBay, PayPal etc. but use an ancient 20-year-old Hotmail account for forums – my passwords are all significantly different and memorised.

I recently received a ransom email on my Hotmail account with an old unused password as the email title/header. They wanted $800 in bitcoin, otherwise they’d leak “compromising webcam footage” of me. Found out that my details had been leaked half a dozen times from sites like Myspace.
Trying to understand what went wrong is probs too much. If a site you subscribed to got hacked, you're not going to have dodgy software in your laptop; the website server gave it up, not your laptop. Change it and move on.