Questions tagged [breach]
48 questions
0 votes, 0 answers
Were Heroku's standard git repositories accessible by April 2022 attacker?
In their communication about the April 2022 breach (summary here), Heroku mentioned that organizations with the Heroku GitHub integration got their source code potentially accessed by the attacker. Indeed the attacker had acquired OAuth tokens,…
Vic Seedoubleyew
0 votes, 0 answers
Google says my password has been found in a data breach. HIBP knows nothing about it. Which data breach was that?
I've been using Chrome to save and sync my passwords across devices (and lately I am trying to switch to Bitwarden). Google warned me recently about a password I have used across multiple sites that has been found in a data breach. However, if I…
dragi
0 votes, 1 answer
How to secure Laravel website against the ongoing massive exploitation
My website built upon Laravel is currently under attack.
Only the index.php file was changed, and by that I mean that every line of code is inserted above the original Laravel code. So this code executes before the legitimate Laravel code.
It is…
0 votes, 0 answers
Historical examples of breached TOTP secrets?
While reading about password breaches, it occurred to me; where are the TOTP shared secret breaches? Because TOTP relies on a shared secret (unlike say U2F) the server has a copy of the shared secret, which lends itself to the same vulnerability to…
user8187
0 votes, 2 answers
How are data breach lists sourced and distributed?
I understand at an elementary level how data breaches tend to be distributed, starting with friends of the attacker/discoverer and then being distributed via forums, paste bins, etc. However I was wondering is there a common location/forum/method…
Rivesticles
0 votes, 1 answer
Database of breached websites
I run a website with a user database. I have an account with my email and I put it on a website like Have I Been Pwned, which does not reveal a breach. I also check the website's list of breaches to see if my website is included, which is not. I…
miguelmorin
0 votes, 1 answer
How to monitor your user accounts for breached logins?
On a few rare instances, I've received an email from a website notifying me that my email and password were found in a batch of harvested logins, and they then force me to change my password.
This has only happened on a few very old unused accounts…
Cerin
0 votes, 4 answers
Why can't you use the same password for every site, if they are hashed on the site?
I've often heard people talking about not using the same password on every website. What's the deal if servers store passwords in a SHA hash instead of plain text? The most they can do is spam you with junk mail, right?
0 votes, 1 answer
How Were FireEye's Tools Exfiltrated?
What was the mechanism for exfiltrating FireEye's redhat tools in the recent SolarWinds hack? I understand it was via HTTP (small packets to many servers)? Are there any further details?
Is this a likely ongoing systemic threat or can it be…
Ryan
0 votes, 1 answer
How do maintainers calculate x number of accounts compromised by hack?
I am always curious by reports in the news of big network sites getting hacked and the report confidently stating a statistic such as "only 10,000 users were affected" or "Microsoft confirms 40,000 accounts compromised".
Here's just a few examples:…
Martin Joiner
0 votes, 0 answers
Has this PC been hacked? What's going on?
I'm reasonably technically competent, but I don't know how to interpret this PC issue. As it's a real-world incident, there's some back-story.
I'm in the UK. The suspect PC runs Win8.1 up to date, used for simple desktop stuff by a family member.…
Stilez
0 votes, 1 answer
Database breach protection
I'm developing an API which requires an API key to use. These keys are assigned to users. To figure out which user the key belongs to, I have to store some information in that key. But I don't want it to be seen by "others". So I want to encrypt…
DoomBro_Max
0 votes, 0 answers
What authentication systems have been involved in data breaches?
Recently, a Federal Judge ordered Marriott to reveal the forensics report for its data breach. I know the Courts have sided with businesses in the past to keep the forensic details of breaches from public disclosure (this may now be changing). And I…
gethopr
0 votes, 1 answer
Why would I 'have been pwned' on a website that I never had an account on?
I was recently sent a notification by https://haveibeenpwned.com/ that one of my email addresses has been found in a breach, in particular in a breach of https://www.chegg.com. I am positive I never signed up for an account there, it's a US…
Sebastiaan van den Broek
0 votes, 1 answer
Phishing emails and securing set up from compromise?
I'm a one-man company and I'm getting a lot of phishing emails very similar to the emails from companies I use.
Some of these companies and the emails we exchange are very unique. How would these malicious senders 'learn' the type of emails and…
adam78