Cracked Passwords List Leaked, were you cracked?

[andyb]

my very simple password (6 numbers +username) wasn't in the list, so I believe that this list comes from phishing/key logging or something like that. I changed ALL my passwords to random characters after Mt.Gox got hacked (had planned it for a long time, but never got around to it), before this I was using the about 3 passwords for everything.

I would also check https://shouldichangemypassword.com/ It correctly reports I've hade my password compromised once on June 19, 2011. I got an email from Chase about my account on June 20, so it seems pretty accurate.

I asked it if the following passwords had been compromised and it told me they were safe.

- password
- password1
- password123
- p@ssw0rd
- P@ssw0rd
- love
- hackers
- superman

In https://shouldichangemypassword.com/  you should input the e-mail, not the password BUT they seem to have blacklisted the whole list from mtgox. I tried bulks of 10 from around the list, and they are all listed as "hacked"

[1715250354]

1715250354

[1715250354]

1715250354

[1715250354]

1715250354

[finack]

BUT they seem to have blacklisted the whole list from mtgox. I tried bulks of 10 from around the list, and they are all listed as "hacked"

That's the point of that url - they combined a bunch of lists of leaked account details - if your email is associated with any of them it tells you. Technically it's "has a hash of my password from a site been released publicly" it doesn't care whether the hash has been cracked or not, and rightly so.

[kloinko1n]

yes, my password was cracked but i was just testing mtgox with no intention of trading at that time, so it was very weak.

My password was NOT cracked.

My password consisted of 18 characters, of which only 9 alphabetical and of which 3 were capitals.
The rest consisted of 3 randomly chosen numerical characters and 6 non-alphanumerical characters.

The mtgox website wrote after 'the incident' that accounts with 'sufficiently complex passwords' would be re-instated automatically.
Well, that didn't happen. I had to reclaim my account, got a new password. And it worked for 1 day.
Now my password is invalidated and mtgox does not reply to my requests for a new password:
If I go through the "password forgotten" procedure at login, it says it has sent a new password to my email, but non ever arrived.
Now my IP is even blocked 'due to too many failed login attempts'.

There are BTCs and USDs in my account there and I am getting really pissed!

[bcearl]

I changed ALL my passwords to random characters after Mt.Gox got hacked (had planned it for a long time, but never got around to it), before this I was using the about 3 passwords for everything.

I did exactly the same, I also wanted to do it all the time.



My MtGox password was different from any other fortunately except this very forum. But it has a little similarity with my standard passwords, so I fear that people might crack those more easily.