|
2.2 Billion Pwned Accounts Found In A New Data Dump
These user database dumps are becoming all too. frequent.
Check if you've been compromised on https://haveibeenpwned.com Quote:
|
Hummmm.....
But Currently Sober loves the title |
Quote:
|
I entered a fake email and it says it's pwmed!
|
Quote:
|
Haha, naive people put their email here and get subject to spam :) It's just a mail collection service. They have no more knowledge of if your mail got hacked then you do.
|
Quote:
It's ill informed crap like you just wrote that makes the Internet a more dangerous place, because when security specialists develop tools to protect you all you can do is try to tear them down. https://en.wikipedia.org/wiki/Troy_Hunt https://en.wikipedia.org/wiki/Have_I_Been_Pwned%3F |
Quote:
|
Quote:
It's externally audited and trusted by AusCERT. I can't believe the number of dumb fucks in this thread who have no idea what they're talking about. Edit: you can voluntarily sign up to be notified of breaches, but to suggest that he harvests emails entered into Have I Been Pwned is ridiculous when you consider the significant scrutiny the service receives. |
Quote:
Nowhere in his TOS does he say no third parties can pay him to send out promotional emails on their behalf. Also, he uses Sendgrid to send out emails Sendgrid TOS states that third parties are allowed access to the data, it's under "service data" in their TOS. |
Troy Hunt uses a fake pseudonym.
|
Quote:
When it comes to technology most of you GFY folk are fucking peasants. No wonder mainstream eclipsed adult, it's because most people left in adult are luddites, clinging on to old versions of PHP and Wordpress, using insecure outdated scripts and probably re-using passwords on a multitude of websites. You have no idea what K-Anonymity is, or how it's used to cross reference compromised passwords without passing on the password itself, you have no idea what AusCERT is, you probably don't even know how numerous services use the HIBP datasets to protect you on a daily basis. I can't deal with this level of stupid that most people here exhibit daily. |
Quote:
"HIBP provides an opt-out feature that removes the email address from public visibility. It does this by flagging the record as being opted-out rather than permanently deleting it..." I'm not saying he's a bad guy or nefarious in any way. Just the facts. Facebook famously said they don't give your data to third parties, they just let them access their database of your info. |
Quote:
|
Quote:
|
Quote:
The section of the TOS you referenced refers to dump data not sign up notification data. You can opt your email out of the HIBP database and then it won't return Pwned on a search, but it remains in the database because it's a fundamental part of how the database works. Also email addresses change hands, eg: [email protected] which is why they're flagged and not removed from HIBP dump data. Furthermore the dump data has already been made public on pastebins and other such services by hackers, deleting an email from the HIBP database doesn't magically make the email address disappear from the dumps out there on the web. |
Quote:
|
Quote:
However, what i do know, and can prove, is that i put a bullshit made up email that came back as "breached". And no, no one else has tried that one since i would sooner win the lottery then for that to happen. What i did then was try an email i do own that i didnt register anywhere, and it also came back as "breached" and it even lists the databases it is on, and it lists sites that i didn't visit EVER. It listed just some random sites that the guy presumes my ip uses. So yea, it's a hoax to capture emails. But by all means, go and put all your mails in there. |
Quote:
|
i am with AK on this one, i have used that site before and its trustworthy.
why not test it, make new email account and use it on haveibeenpwned and nowhere else., and wait and watch if you get spam mails. and besides, why he needs to collect email addresses ? hes already got like billion+ valid email addresses. just saying. |
Quote:
He also has millions of invalid email addresses in the database. Hackers who sold these dumps on the black market used to pad them out with made up addresses in the same way spam list sellers used to do 20 years ago. If you make up an email address and it comes up as Pwned that's simply because the email address has been used in the way described above. Troy Hunt is an acclaimed security researcher and has world wide respect in the Internet Security sphere. He's advised Governments, companies and even commissions of inquiry. He makes big money from his well regarded courses, his directorships and his work for various organisations. It's laughable to suggest that he would risk all that by building his own spam database. Anyone in this thread who has suggested he has nefarious intent obviously doesn't follow anyone of note with regard to security research. For those interested in becoming more informed, here are some security related Twitter accounts to follow: https://twitter.com/blackroomsec https://twitter.com/th3j35t3r https://twitter.com/ericgeller https://twitter.com/runasand https://twitter.com/savagejen https://twitter.com/evacide https://twitter.com/shehackspurple https://twitter.com/L_AGalloway https://twitter.com/swagitda_ https://twitter.com/HydeNS33k https://twitter.com/MalwareTechBlog https://twitter.com/briankrebs https://twitter.com/aprilwright https://twitter.com/theroxyd https://twitter.com/Fox0x01 https://twitter.com/SwiftOnSecurity https://twitter.com/IanColdwater https://twitter.com/vixentael https://twitter.com/rmitera https://twitter.com/KseniaDmitrieva https://twitter.com/Alyssa_Herrera_ https://twitter.com/gynvael |
Quote:
:2 cents::2 cents::2 cents: It's totally retarded what ladida says |
Quote:
He's an "Australian" so you are blindly letting his cum pump down your throat. You are truly a fucking idiot. His TOS specifically states that the emails in the database he owns ARE NOT DELETED :1orglaugh:1orglaugh:1orglaugh People don't delete emails for a reason you stupid cunt! :1orglaugh:1orglaugh:1orglaugh |
Quote:
Furthermore the dump data has already been made public on pastebins and other such services by hackers, deleting an email from the HIBP database doesn't magically make the email address disappear from the dumps out there on the web. As far as 'stupid cunts' go, you are obviously intelligent Bladewire and I often agree with you, but you're a bit like that firecracker that you light that just fizzes out. So much potential lost, a fizzer. |
Quote:
|
Quote:
|
Quote:
Quote:
Quote:
Quote:
|
Quote:
Quote:
Quote:
Quote:
Fucking simple peasants on GFY. I can't believe I didn't pick up on how technologically inept most of you are here a long time ago. |
Quote:
For all my email addresses all the breaches listed are services that I actually used that email address for. It is 100% accurate, not something random as it also includes smaller breaches for lesser known services that I used. Basically all this tool does is match the email address you enter against all the breached databases and tells you if it appears in one or more of them and tells you which one(s). Then they have an additional service where you can sign up for automatic warnings for new breaches, where when there is a new breach it matches the subscribers to the email addresses in that breach and emails you if it found your email address in it. They also allow you to opt-out for breaches appearing when searching for your email address. So when someone searches for your email address it will return it was not pwned. This does not remove your email address from the databases, it just sets a flag that when that email address should return no results. That's all there is to it. It's a very basic lookup tool and notification service that is made to help people be more secure. People thinking otherwise really have no idea what they are talking about. Do you think if there was any doubt about this all the big security research sites and major news publications would constantly link to the site. |
Troy Hunt is Australian so you can't have a logical fact based discussion with AdultQueen about Troy Hunt storing, and not deleting, email addresses submitted to their notification service and processed through third party email service provider SendGrid.
AdultQueen licks Troy Hunt's asshole clean because he's a fellow Australian, he literally has a God complex for him. The facts are, per the haveibeenpwned.com TOS and SendGrid's TOS emails submitted to the haveibeenpwned.com notification service are never deleted, even when you cancel the service, and data submitted is accessible to third parties via SendGrid, as stated in SendGrids TOS. No big deal for anyone, very standard. |
Quote:
Does this mean that the email is currently conpromised? Was at one time compromised? Or does ot mean a service that you have used with that email address was compromised. Can you do your best to elaborate please |
Quote:
You would also know, if you followed closely, about the work done on K-Anonimity, which is used to protect passwords used on 1Password and other services. And if you followed really closely on security and privacy matters then you would clearly know of an issue I found and disclosed two years ago relating to a failing in the de-identification of Australian Census data. |
Quote:
What it means is that the email address together with passwords and other identifying data has been disclosed in a breach. Some of these breaches are self disclosed by affected companies but usually they are disclosed by hacker database dumps being found by security researchers. If your email appears in a breach then the breach will be listed. If you have not changed your password since the date of that breach then you should change it because until you change your password you are still at risk. Simply put, until you change your password on a service that has been breached then you are still compromised. Does that help, happy to expand more if needed. :thumbsup |
Quote:
If you want to continue being unsuccessful don't let verified facts get in the way of your fragile ego. |
Quote:
(Apologies for paraphrasing Paul Keating) |
Not sure it it's fail safe, our bank sends us a code to our phones when we spend online. So have nothing online worth stealing.
|
Quote:
|
Quote:
a) random fake emails turn out as "breached" b) email used nowhere turns out as "breached" and on sites i never visited in my life. Keep foaming tho. Quote:
a) The check would take WAY WAY longer then it's displayed on the site b) He doesn't have database with that many emails 100% c) He probably never even saw 50% of the supposed breached databases as if a company discloses it had a breach, it certainly will not send a list of all the users/emails that got breached to some charlatan running a website who's cock you like to put in your mouth way too many times to be considered healthy. Quote:
Quote:
Quote:
Do you have a plausible explanation as to why fake and non used emails appear "breached" and in sites that i didn't visit 1 time in my life, not even by accident? Just because i came and tested the site with IP that's not my own so it presumed i come from a certain country? Quote:
In reality he can't. Quote:
Quote:
Quote:
Quote:
|
Quote:
Then read these articles: https://www.forbes.com/sites/daveywi.../#40f43f26509f https://9to5mac.com/2019/01/31/2-2-b...s-compromised/ https://www.computerworld.com.au/art...password-dump/ https://threatpost.com/773m-credenti...rk-web/140972/ The only reason I can see why people would dismiss services such as Have I Been Pwned is if they had something to gain from people not being conscious of their security. People such as Brian Krebs and Troy Hunt have long been hated by cyber criminals because they shine a light on cybercrime. I guess you're either one of two things, a cybercriminal who hates these people that expose cybercrime to the general public or you are simply a stupid, technophobic, wannabe, simple GFY peasant. Which one you are I don't care, however I will continue to call out the fuckwits on this forum for the stupid luddites they are. Dude, you're up there as one of the dumbest peasants on this forum. |
I tried 5 different made up email addresses and they all came back negative...the problem with putting in a fake email is that email accounts are sold by the 1000-s...they are generated by bots in the millions and along with the billions of people who use gmail,yahoo etc it is really hard to make a fake email address that nobody has used before...this might explain why ladida got sand in his vagina....
I put in like 2408rfdjw0s2 at gmail and all such queries produced shit...then I used my gaming gmail and it was actually compromised...my gaming gmail address is random numbers and letters also... |
It's funny that his own email address was pwned. Some security expert lol.
|
Almost certainly many people's email addresses will be in some dump/paste somewhere. And that's ok if you frequently update your password every couple months But... the cool part is you can run through passwords you've used and see if any of your actual password have bene pwnd https://haveibeenpwned.com/Passwords
|
Quote:
Quote:
Brian Krebs is actually someone that does good things and not harvest emails for spam. Please dont drag the guy's name through dirt by lumping him in with your spam cock assistant. Quote:
|
Quote:
In facts, Brian Krebbs is probably the most respected Security journalist on the planet and has included Have I Been Pwned in his articles numerous times. https://krebsonsecurity.com/tag/haveibeenpwned-com/ Would Brian Krebbs recommend the service if it wasn't the real deal? As I said mate, you're the little village peasant. You wrote Quote:
Go away, little village peasant. |
Quote:
|
Quote:
Code:
KrebsOnSecurity sought perspective on this discovery from Alex Holden, CTO of Hold SecurityQuote:
|
Quote:
In an article about an ILLEGITIMATE hack checking database, Brian Krebbs wrote: Quote:
You said this: Quote:
Maybe you can also explain why Brian Krebbs appeared with Troy Hunt at a security conference early last year? Mate, you've just Pwned yourself. Clueless useless peasant. |
Quote:
Don't even know how to react to all of this. You are either trolling or very very stupid. |
Quote:
|
Quote:
Quote:
|
| All times are GMT -7. The time now is 10:14 AM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123