I got Breached

The following post is in English; I might rewrite it in German later on.

Basically, what happened is that I was notified of my data being leaked after a so-called breach got shared online. Here’s the whole story:

Pure Luck

It started with me hanging around in a random forum, with a chatbox having an active discussion about account security. I was interested and decided to read the conversation, until someone suggested to everyone to check their accounts on http://haveibeenpwned.com. I sort of remembered the URL, yet was unsure if it was actually a legitimate service. After browsing the site I then decided to check my email addresses and usernames for any breaches, resulting in nothing. I came back to the site a bit later to set up the automated notification for my email, in case something happened to go wrong and I would need to take action.

After the signup and confirmation process I actually received a message which told me about a new breach and asked if I was perhaps willing to help verify whether the breach was legit. After accepting, I was sent a description of my password and my username, which were correct. This obviously scared me, since there was a lot of stuff I had put hard work into, such as my YouTube channel http://youtube.com/hennihenner and Reddit, Twitter, Steam, etc.


Taking Action

The issue is that I have been using the same password since 2011. Bad idea. Although there is a chance I used a variation of the password, knowing a part is one part too many. So I decided not to panic and rather take serious action, starting from my email accounts, then my social media, and then things like Steam and special game accounts. And although I am still not done and haven’t got all passwords changed, a lot of them now have unique passwords which are only noted down in a physical book (which doesn’t have „PASSWORDS“ written on it). This will be a huge fallback in terms of entering passwords quickly, but I will eventually get the hang of it. This is much better than having a bulk of accounts on one branch waiting to be cut off by someone – since the old password is online – and then perhaps stolen or used for spamming everything you don’t want to be spammed with. I even changed things like my Apple ID and such, since those contain actual money and that would be rather bad.

I am probably lucky for being so quick about things, since right now apparently no one has accessed any of my accounts or changed passwords. The whole thing resulted in something that I had wanted to have done a long time ago but was never in the mood to spend 2 hours on, finding accounts and going through the verification processes. I ended up using the password generator „XKPasswd“ to customize my password style and not have completely random stuff waiting to be memorized.
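To show what a word-based generator of the kind mentioned above actually buys you, here is an added example (written for this post, not XKPasswd’s own code) that builds a memorable “Word-Word-Word-Word-42” style passphrase from a CSPRNG and works out how many bits of entropy it has when the attacker already knows the scheme. The 32-entry word list and the separator set are constructed assumptions for the example; a real generator draws from thousands of words, and the entropy function shows how much that matters.

```python
import math
import secrets

# Constructed sample word list (an assumption for this example). A real
# generator would use a dictionary of several thousand words, which is
# where most of the scheme's strength comes from.
SAMPLE_WORDS = [
    "anchor", "basket", "candle", "dragon", "engine", "forest", "garden",
    "hammer", "island", "jacket", "kettle", "ladder", "magnet", "needle",
    "orange", "pepper", "quartz", "rocket", "saddle", "tunnel", "umbrella",
    "violin", "walnut", "yellow", "zipper", "bridge", "copper", "desert",
    "falcon", "glacier", "harbor", "meadow",
]

# Separator characters the generator may pick from (constructed set).
SEPARATORS = "-_.!"


def passphrase_entropy_bits(word_count, wordlist_size, digit_count, separator_choices):
    """Entropy in bits under the conservative assumption that the attacker
    knows the scheme exactly (word list, word count, digit position) and
    only has to guess the random choices: words, digits and separator.
    Capitalisation is applied deterministically, so it adds nothing."""
    bits = word_count * math.log2(wordlist_size)
    bits += digit_count * math.log2(10)
    if separator_choices > 1:
        bits += math.log2(separator_choices)
    return bits


def generate_passphrase(words=SAMPLE_WORDS, word_count=4, digit_count=2,
                        separators=SEPARATORS):
    """Return (passphrase, entropy_bits). Uses the secrets module, i.e. a
    cryptographically secure RNG; random.choice is not suitable here."""
    if len(words) < 2 or word_count < 1:
        raise ValueError("need a real word list and at least one word")
    sep = secrets.choice(separators)
    chosen = [secrets.choice(words).capitalize() for _ in range(word_count)]
    digits = "".join(str(secrets.randbelow(10)) for _ in range(digit_count))
    parts = chosen + ([digits] if digit_count else [])
    phrase = sep.join(parts)
    bits = passphrase_entropy_bits(word_count, len(words), digit_count, len(separators))
    return phrase, bits


def parse_passphrase(phrase, separators=SEPARATORS):
    """Split a generated phrase back into (words, digit_block); used to
    check the generator's output shape."""
    sep = next((c for c in separators if c in phrase), None)
    parts = phrase.split(sep) if sep else [phrase]
    if parts[-1].isdigit():
        return parts[:-1], parts[-1]
    return parts, ""


if __name__ == "__main__":
    phrase, bits = generate_passphrase()
    print(f"{phrase}  (~{bits:.1f} bits with the 32-word sample list)")
    # Same shape drawn from a 7776-word list (the size used by Diceware-style lists)
    print(f"with a 7776-word list: ~{passphrase_entropy_bits(4, 7776, 2, len(SEPARATORS)):.1f} bits")
```

The point of the entropy function is the comparison it makes visible: four words from a 32-word toy list give only 20 bits, while the same four words from a 7776-word list give about 52 bits before the digits and separator are counted. Memorability comes from the words; strength comes from the size of the list they are drawn from.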


Conclusion

Do not have everything on one password. I was told this many times as well, but was always defending myself with things like „But I only use safe websites“ and „Why would someone hack something that doesn’t contain money“. But now it happened. I would probably recommend everyone either change passwords regularly (which is a lot of work and will just end up in a mess of letters and numbers) or at least have different passwords for the big accounts. It might sound stupid (who would want my boring data?), but if you aren’t fast the day it happens, you might need to restart your internet life. And for people who actively use things like Facebook this could even change something in real life.


5 thoughts on “I got Breached”

  1. Hi Henni!

    Why not use a password manager such as 1Password, KeePass, or LastPass? This way, you only have to remember one password and you can have *really* strong and unique passwords for all the services you use. And many of those tools even have an option to synchronize the passwords across all your devices, even your smartphone!

    Cheers
    Thomas


  2. I had an incident happen where a tool downloaded onto my machine and extracted all the passwords from Chrome. My fault. I realized it, found the extracted file, then sat with my wife for an hour changing all of the passwords. Scary. We ended up turning on 2FA where possible. Now I use a password manager to generate 20+ character passwords for all the sites.

    Thanks for sharing your story.


      1. True. Yet overall keyloggers and other programs trying to steal sensitive data while already being on your system are a whole new level, and the only thing that really makes sure to get rid of it is formatting a computer.
