Warning from Experian
GavinWraith (26) 1563 posts |
We have found your personal details online . Apparently my email address and password have been sold online recently. The particular password found (now changed) indicated that the compromised sites are either www.iconbar.com or nforum.ncatlab.org . I logged into iconbar but could not access the page to Let us know because it said that my browser was not giving away its identity (it is Chromium under Raspberry Pi OS), so I might be a spammer! I think on the whole that the nCat forum is likely to be more secure than iconbar. I post this here in the hope that somebody responsible for the iconbar site sees it. |
Stuart Swales (8827) 1357 posts |
I think some of these are likely false positives; for instance, I have reports that a couple of my emails had been leaked by gravatar.com, and I know that I only ever had one email there, which wasn’t either of the ones reported. |
Rick Murray (539) 13840 posts |
Did it provide a password AND an email address? I get warnings every so often from Chrome on Android that my password has been found in a data breach; and it is usually the password of a less important site where I just picked a word and, you know, the chance of somebody else picking that particular word is non-zero. Unfortunately Chrome doesn’t make a clear association that it was the password and the login name (and I know it doesn’t as one of the found passwords was a test on my own server that used the username “kittykittykitty” which I’ve never used online), thus indicating that these messages are more “we think your password isn’t great so we’re going to scare you into making a better one”. How does Experian know it’s you, anyway? Do you only ever use the one email address? I have about eight addresses that I typically use, my main (domain) address is rarely given out, and I have around sixty spamdrop addresses made in Yahoo (like “heyrick<keyword>-<keyword>”) so if something gets passed on to a third party (like advertiser scum), I can identify who leaked. Ironically, the only big bump I’ve had in unwanted spam came suspiciously right after using my email address to order a replacement passport. You know, given that some of Britain’s government portals are more than happy to toss information over to dodgy Chinese ad brokers… https://www.theregister.com/2024/04/24/ads_on_gov_uk_websites/ (WTF are there adverts on, what I presume, are publicly funded websites? Yet more evidence of the endless depths of Tory corruption?) |
GavinWraith (26) 1563 posts |
Only part of the password, one that I started using maybe thirty years ago.
Up till recently, yes. I am a bit thick and a creature of habit. In the early days of the internet, security concerns only rarely arose, so be kind and put it down to habit. I think from now on I shall start to adopt multiple personae. On another tack, I just succeeded in reinstalling Manjaro on my Pinebook Pro. After an upgrade a couple of weeks ago, sound and wifi ceased to function on it. This is fairly common to judge by the Manjaro bulletin boards, and Andrew Rawnsley even has a printed sheet of suggestions which he hands out to clients. However, in my case they did not work. But reflashing an image to the NVME board is incredibly quick, but fiddly. Thirteen screws, as small as fleas, must be removed and put back in the process. There are probably slicker ways of doing it which I have not learned yet. |
Steve Pampling (1551) 8170 posts |
I do sometimes question these things. Sometimes the organisations concerned are heavily pushing their own agenda. A number of years ago a company (script kiddies to be brutally honest) did a cyber audit and flagged my password as weak and easily revealed as part of a common word dictionary hack. Untrue, but they may have been annoyed,1 but even so they were unprofessional in suggesting that I was the sole person with a weak password – which it was not. It was a nonsense construct which included upper/lowercase and letter number substitutions as the system policy refused any that did not fit that pattern, they would not reveal the actual password to our cyber guy “for security reasons”, I did reveal it, “for anti-bullsh** reasons”2, just before changing it. 1 They had just got themselves settled at a live data point, ready to begin work, and I asked whether they needed anything. “No, run along” was the brusque reply. A couple of hours later our cyber guy asked whether there was anything unusual about the settings for the port they were having problems with, and I said “No, same settings as every other port in the offices. Same auto-neg RADIUS auth etc” “Ah. Could you remove the authentication requirement as they can’t connect…” 2 It was very obvious it was not a candidate for dictionary attack, nor with its length and complexity would it be a simple crack. They have never been considered for the job since as ‘getting revenge’ on such things is never viewed as adult. |