Questions tagged [breach]
48 questions
107
votes
7 answers
Is it safe to give my email address to a service like haveibeenpwned in light of the publication of "Collection #1"?
There is a new big case of stolen login/password data in the news. At the same time, I am reading that there are services that let you check if your own login data is affected, e.g.
Have I Been Pwned.
Is it safe to enter my email address there to…
godwana
- 931
- 2
- 5
- 4
76
votes
5 answers
How can I be pwned if I'm not registered on the compromised site?
I recently was emailed from HaveIBeenPwned.com (which I am signed up on) about the ShareThis website/tool (not signed up on).
I have no memory of signing up for that service.
When I go to recover the account (I might as well close/change password),…
AncientSwordRage
- 1,925
- 4
- 17
- 19
48
votes
10 answers
Global variables and information security
I get the impression that it is a programming best practice to create variables in specific scopes (like a function scope) and avoid global scope to make things more modular and better organized. However I'm not sure if there is also a security…
user123574
11
votes
1 answer
Why are water treatment facilities or similar connected to the internet?
I have a (sensitive) background in security, in short, I believe that the infrastructures MUST NOT connect to the internet. If you connect to the internet, it is a matter of time before it is breached.
In recent news
An unidentified hacker has…
kelalaka
- 5,409
- 4
- 24
- 47
9
votes
0 answers
SolarWinds Orion SAML compromise mass cert update
SolarWinds Orion customers have suffered some network compromises according to news reports.
One report says, right at the end of the article, that SAML2.0 signing certificates may have been compromised.
From the point of view of a SAML service…
O. Jones
- 359
- 1
- 4
9
votes
3 answers
Is there a benefit to using a different email for every online account?
I have a domain email address which in addition to being able to create multiple mail accounts allows the creation of aliases for each inbox.
Is there any benefit to security in using a different email alias for every website/service I have an…
Wuubb
- 91
- 2
8
votes
2 answers
GMail Hack with 2-Factor Auth enabled
I have my business email on GMail. I use 2-factor authentication for access to said business email. I access my business email from 2 computers and 1 mobile Android device. I do not use Outlook or any email client I access it solely through the…
PLBarton
- 81
- 4
8
votes
2 answers
Why is breach-detection site "Have I Been Pwned" considered safe?
Whether it be due to technology the site is using, or any manual behind-the-scenes work with the data, why does this breach detection site seem to be unquestioningly safe?
Wouldn't the data of you, as a user(breached/pwned or not), utilizing this…
Nohbdy Ahtall
- 91
- 1
- 6
7
votes
2 answers
Does cloudflare protect against BREACH attacks?
I know that enabling http compression would make a server vulnerable to the BREACH attacks. So we have disabled compression from the server side, tested and it was all good.
Then we implemented CloudFlare for the instance. We performed the SSL…
Anonymous Platypus
- 1,392
- 3
- 18
- 33
5
votes
2 answers
I woke up and my email has been signed up to hundreds of online services. How can I fix this?
I woke up this morning to over 900 emails of several online services asking to confirm I’ve made an account. Last month my email had been compromised and they managed to get into my eBay and Amazon accounts. I managed to remedy the situation, and…
Yo average commenter
- 51
- 2
4
votes
3 answers
How are websites actually mititating BREACH? (HTTPS + compression)
After reading some popular questions and answer on this website about BREACH, the only advice seems to be: don't compress anything that might contain secrets (including CSRF tokens). However, that doesn't sound like great advice. Most websites are…
reed
- 15,398
- 6
- 43
- 64
4
votes
1 answer
Repercussions on Google account used to access a compromised service
Suppose the following scenario:
A cloud service reports a breach in which user account information (usernames and password data, e.g. password hashes) was accessed.
The attacker has sufficient resources to recover passwords from the hashes…
user149408
- 347
- 2
- 9
3
votes
2 answers
Does replacing the SIM card mitigate any threats after a serious data breach?
I recently heard that a telephone company (a mobile network operator) was hacked and lots of data was stolen, maybe affecting up to a million customers. It sounds like the leaked data is already available on the dark web, and it includes all…
reed
- 15,398
- 6
- 43
- 64
3
votes
0 answers
Any data on how many users change passwords after a breach notifcation?
Does anyone know of any study or any data whatsoever which might indicate how many users actually change their passwords after they have been notified that their credentials appeared in a breach?
john doe
- 648
- 4
- 15
3
votes
4 answers
How to investigate an IP address that was involved a security breach?
I'm wondering what one can do if they have the IP addresses that were used by the attackers during a security breach?
The specific situation is this - recently two of our servers were hacked into and taken offline. After we regained control I…
Abe Miessler
- 8,155
- 10
- 44
- 72