Bitcoin Forum

This info has been going around quite some time now but I just wanted to share with anyone who hasn't heard it yet. The article explains how was found out that 773M emails and over 21M passwords were hacked and leaked on what is thought to be the largest email hack ever. https://www.cnet.com/news/massive-breach-leaks-773-million-emails-21-million-passwords/

What does this mean for me?

Like everyone I have my email address linked with several exchanges with several open orders in buy or in sell. That being said if someone was to find my mail address and password would try and enter on those exchanges. I've activated 2FA on every exchange but it doesn't feel good to know that I might be one of those 773M hacked email. My coins are on my hardware wallets but I have some other on exchanges on buy and sell orders. With one email hack I could lose some money. Luckily there is this website  https://haveibeenpwned.com that finds out if your email has been hacked or not. I tried it and fortunately my main account I use on most exchanges is safe.
I suggest everyone to give it a try and if you find out smth that you don't like I suggest you change the email password to start with, and then to change the password on all the exchanges where you have used that email address.

Let's keep our money safe guys  ;)

Password manager + 24 long unique password + 2FA = profit.

Never reuse your password and never pick a shit password (i.e ilovemydog123).

Never got hacked after uncountables leaks.

If you've activated 2FA on your account on exchanges then your accounts should be secured even if your email had been hacked.
This is really a large breach and would lead to loss of lots of personal information if it's true. You can also security your email address using 2FA to keep it protected.

Some password managers were hacked already, sadly. LastPass was hacked few years ago.

Nothing online is 100%

That's why bitcoin solution is amazing: keys are hold offline, unhackable.

Sorry, forgot to mention the word “offline”.

I actually use KeePass as my password manager and only store my db file in a few encrypted flash drives.

Activating 2FA both on exchange and your email will be more better and more safety. Change the password of your email into the stronger one, using the combination of caps number and symbol, it would be more secure.

This has already been posted Pmalek on the forum on January 18th: 773 Million Hacked User Accounts are being traded on underground forums (https://bitcointalk.org/index.php?topic=5099302.0)

Yes and it's been discussed by pmalek and other high ranks like TryNinja and boyptc which give some tips to forum users to change their password to make their account safe to avoid breaches. Well thanks to pmalek to translate the original post - https://bitcointalk.org/index.php?topic=5098731.0.

To be honest I didn't go that long back in the search for any other post. But to be on the safe side I started my post with

Kudos to Pmalek for having post it first and letting everyone know about this 💪

This is why it is very important to use each unique password for each website you register for. Imagine having the one password for both your email and the website whose data has been breached.

In this case, your email can easily get compromised and will be used for resetting passwords for your important accounts in other websites and logging into them if you didn't set any 2FA.

And about 2FA, don't be too confident about it too. If the website does not implement enough protection, it too can be brute forced.
Here is a classic example of such a scenario. It happened on COSS exchange last year. The user lost over 850K in cryptos through this attack.
Reddit user describes 2FA hack on Coss Exchange, over $850k stolen (https://www.chepicap.com/en/news/4665/reddit-user-describes-2fa-hack-on-coss-exchange-over-850k-stolen-.html)

The problem with numbers, special symbols, uppercase letters and other techniques is that people strongly tend to do it in predictable way, like putting numbers in the end, capital letters at the beggining, etc. If you have a really short password that is based on some popular word, it might get cracked pretty fast, even if it has numbers and special symbols. Those types of passwords are usually very hard to remember, and you can get a lot of trouble if it's your main email with no methods of resetting your password. The better approach is to use very long passwords with normal words, if you don't use a password manager, or just random strings if you do.

https://imgs.xkcd.com/comics/password_strength.png

So the hack's origin is apparently unknown, and could very well be just a collection of past hacks:


It's no reason for immediate panic, but it's a wake up call to people who reuse their passwords nonetheless. It's also worth noting that some email providers are better with security than others. Remember the Yahoo breach (https://www.pcworld.com/article/3150953/security/3-billion-yahoo-accounts-hacked-how-to-stay-safe.html)?

I checked my old yahoo mail account and it's shown to have been leaked over 3 times. This is an email I barely used for signing up on different websites... My Gmail on the other side (the one I use for less secure sites) shows not to have been leaked ever. I have used these email hundreds of times to sign up on different websites. So you could be very right.

If you are continuously following safety precautions you need not to worry about being hacked.
But always have a specific email for a specific purpose this also helps ensure business email don't get into the wrong hands

Nothing is safe now look at the recent news for Mac Users.

CookieMiner Mac Malware Wants Your Cookies and Your Crypto Funds (https://sensorstechforum.com/cookieminer-mac-malware-cookies-crypto-funds/)

Use passwords that you never have used before and has a strong combination of characters, letters, symbols + numbers. Don't recycle old passwords that you've been using for different websites.

The internet is always devicing new means of funds theft and privacy leaks, one can not stay ignorant or risk falling victim. Always have more than one layer of security foe any website where you have your assets stored temporarily or permanently. And regular check the current state of your accounts.

You can check if your email and password is compromised.

Email: have i been pwned? (https://haveibeenpwned.com/)
Password: Pwned Passwords (https://haveibeenpwned.com/Passwords)

Actually, I saw it in the German section and shared the info here. So credits should go to patrickrn32 for posting it in the German Local. This is the source where I saw it:
https://bitcointalk.org/index.php?topic=5098731.0

I written in some other topic earlier too, best security is changing the password regularly. Even if your password is hacked you still be safe as your password is already changed.
I agree, more character is better.  Majority people have misconception that strong password are one that are difficult to remember but it is not the case.

Damn, I start using this strategy for some years now and I even memorized my seed. (it was difficult job to keep the order) together with the Walled address.
Long ago I've reinstall my Windows XP so many times that even memorized the CD key and used it for some time as a password :D
Used to mess around with IPv6 addresses so I manage to create a technique to memorize those addresses, i guess for the regular people this will difficulty.

Interesting... It seems like password generators have been making a fool out of us all this time!

I remember a similar mail was sent to many people last year, where the hackers had put their passwords too in the mail and demanded ransom. I believe these emails which get hacked happen due to people entering passwords on sites which are not secured, or downloading files containing viruses which steal their data. I like the 2fa option which helps me be relaxed, also i use passwords of 16 digits so let them enjoy cracking it.

Well, Bitcoin seeds are kinda meant to be memorizable, they aren't called "mnemonic" for no reason. Usually when it is mentioned, someone quickly points out that human memory is horrible and you should never rely on it, and they are totally right, but I think it's always good to have one more additional backup method. I too have memorized my seed, actually more than one seed.

But how did you memorize the address? Base58 sounds almost impossible to memorize, you have to remember the case of each letter.