Bitcoin Forum

Similar stories appeared last year but there is now a new breach and Troy Hunt, owner of the website Have I Been Pwned (HIBP) has found a huge list with 773 million hacked user accounts including emails and passwords! The list contains more than 21 million different passwords.

This would be a good opportunity to do a check on the email addresses you use and see if any of them is found in the list on Troy Hunt's site.
Go to: https://haveibeenpwned.com/ enter your email address and click on pwned?
If your email address is found in the list you will receive feedback from the site that you have been pwned including from which site the leak probably came from. In case your email address is in the list - change your password!

You can also use the site to check if your password/passwords are found anywhere in the list. I wouldn't suggest doing that but if you want to check do it at your own risk!
The site doesn't show the hacked passwords and they are also not saved on the website for security reasons.


More info about the data breach:
https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/
Website: https://haveibeenpwned.com/


Source:
https://bitcointalk.org/index.php?topic=5098731.0

Never trust hackers
I doubt they are doing this for free.
Let's think of it. You have to options, right!

The first is to check with email. You may think that there is nothing to lose since you are not giving them your password, well, think again: they have more than 730 million email address and they don't know which of them are important, so when you enter your email, they will know that it is an active one and you care about it.

The second is to check with password. Doing it without providing your email seems to be safe..
In fact, it is not. Passwords are usually saved as hashes, so there is no way for the hacker to find the real password. When you enter your password, the hacker will hash it and compare it to other hashes in his database.

So, just change your passwords silently without letting anyone knows about it.

I don't know how the site works just want to ask if how the pwned button works?

I tried it and it shows this

https://i.imgur.com/pyK1wdi.png?1

What does it mean? How can I find my email and password? I'd like to know so that I can change my email password again. Thanks

It means your email and possibly other data were leaked from 22 hacked websites and this email was published for public in 3 times/websites like pastebin.com

Scroll down a little bit and see which websites you used have been breached. Then go there and change your password.

You can't see the password.

one thing to keep in mind is that if you have signed up on bitcointalk in 2015 and before that means the Email address that you used to sign up with is already in that list and the site shows it at "pwned" since bitcointalk database was hacked. but that doesn't mean your "Email" password is also hacked because the database obviously didn't have it!

The site might look innocent and helpful, but it might be more sinister than that. Let's dissect my statement and explain it a little bit further. The moment when you query a email address, it flags that email address in their database as one that are active and possibly one that has some significant value to them.

They might have a database of email addresses that are used, but they do not have the passwords or it might never have been hacked. They just want to know which of those addresses are still active and has some value for their owners, so that they have good victims to target.

Nothing in life is FREE, everything come at a price.  >:(

Well, shit. I got pwned 5 times and have already received password resets and incorrect logins on certain websites I visited.

Basically the PWN thingy is the number of times your personal details have been leaked out. For instance, if you have registered on a site affected by the leak, that counts as a PWN.

Unfortunately there's nothing you can do once your email (and passwords) been exposed. Your emails are used to spam others and "break-in" to sites. Only change your password(s) and use super complex combinations.

I've used HIBP and for the very first start of the year my email was pwned and it's the 4th time.

This is the truth, every time you are curious checking your email if its pwned or not, they get the benefit whether that email was pwned or not.

You are both right. There is indeed that possibility. Everything can be made to create the impression that it was created to make something better or provide help while in fact its purpose is quite the opposite.

I have one email address showing their that it has pwned. What I will do now? Found no copy paste for password. Is it okay or I have to change password.

You just found out that hackers have your email address and you're asking us if you should change your password or not?

Ok...yeah....you might as well change your password to something like Password1.

Why would you ask that question? When in doubt refresh the production you have for your sites!

I guess this is the best way to do,why need to look for your name on the list when you can just change you password now after reading this,so we can prevent being a victim of what is intention behind all of this,if he hacking is truthfully happened or this site might be the real one,nobody knows right?zso changing our password the momn you read this is the most safest way to do

Just change your password quickly and create a password that is a combination of text,numbers and special characters.