The following post will be in English; I might rewrite it in German later on.
Basically, what happened is that I was notified of my data being leaked after a so-called breach got shared online. Here's the whole story:
It started with me hanging around in a random forum, with a chatbox having an active discussion about account security. I was interested and decided to read the conversation, until someone suggested that everyone check their accounts on http://haveibeenpwned.com. I sort of remembered the URL, yet was unsure if it was actually a legitimate service. After browsing the site I then decided to check my mails and usernames for any breaches, resulting in nothing. I came back to the site a bit later to set up the automated message for my email in case something happens to go wrong and I would need to take action.
After the signup and confirmation process I actually received a message which told me about a new breach and asked if I was perhaps willing to help verify the breach and whether it was legit. After accepting, I was sent a description of my password and my username, which were correct. This obviously scared me since there was a lot of stuff I had put hard labor into, such as my YouTube channel http://youtube.com/hennihenner and Reddit, Twitter, Steam, etc.
The issue is that I have been using the same password since 2011. Bad idea. Although there is a chance I used a variation of the password, knowing a part is a part too much. So I decided not to panic and rather take serious action, starting from my e-mail accounts, to my social media, and then things like Steam and special game accounts. And although I am still not done and haven't gotten all passwords changed, a lot of them now have singular passwords which are only noted down in a physical book (which doesn't have "PASSWORDS" written on it). This will be a huge fallback in terms of entering passwords quickly, but I will eventually get the hang of it. This is much better than having a bulk of accounts on one branch waiting to be cut off by someone (since the old password is online) and then perhaps stolen or used for spamming everything you don't want to be spammed with. I even changed things like my Apple ID and such, since those contain actual money and that would be rather bad.
I am probably lucky for being so quick about things, since right now apparently no one has accessed any of my accounts or changed passwords. The whole thing resulted in something that I had wanted to do a long time ago but was never in the mood to spend 2 hours finding accounts and going through the verification processes. I ended up using a password generator, "XKPassword", to customize my password style and not have completely random stuff waiting to be memorized.
Do not have everything on one password. I was told this many times as well, but was always defending myself with things like "But I only use safe websites" and "Why would someone hack something that doesn't contain money". But now it happened. I would probably recommend that everyone either change passwords regularly (which is a lot of work and will just end up in a mess of letters and numbers) or at least have different passwords for big accounts. It might sound stupid (who would want my boring data?) but if you aren't fast the day it happens you might need to restart your internet life. And for people who actively use things like Facebook this could even change something in real life.