Forum hacked?
GavinWraith (26) 1563 posts |
Two days ago I received two identical emails purporting to be from myself. The contents were mostly Unicode, but I think the intended font was Japanese. What struck me was that the subject header was my password to this forum, in double quotes. I have changed it now, naturally. It was a word I used to use for various passwords, but for sites now defunct. Have any other subscribers to this forum experienced anything similar? |
Clive Semmens (2335) 3276 posts |
Not yet… |
Jon Abbott (1421) 2651 posts |
Have you used the same password on any other sites? Check the email address you use here on haveibeenpwned.com to see if the password/email address pair has been leaked via a data breach.
Yes, I receive several a month! |
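The haveibeenpwned.com lookup Jon suggests above also has a password-only form that does not require sending the password anywhere: the Pwned Passwords range API takes only the first five hex characters of the password's SHA-1 and returns every known suffix under that prefix, so the match is made locally (k-anonymity). The following is an added example written for this thread, not code from the forum or from haveibeenpwned.com. The range response body embedded here is constructed so the example runs offline (real responses use the same `SUFFIX:COUNT` line format, and the breach count shown for "password" is invented, not HIBP's figure); the live request in `fetch_range` is included for reference and is not called by the offline functions.

```python
"""Check a password against a Pwned Passwords range response without
transmitting the password itself (k-anonymity over the SHA-1 prefix).

Added example for the thread above; not the forum's or HIBP's own code.
"""
import hashlib
from typing import Dict, Tuple

PREFIX_LEN = 5  # the real API keys on the first 5 hex chars of the SHA-1


def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Split the upper-case hex SHA-1 of the password into (prefix, suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines (CRLF or LF separated) into a dict.

    Padding entries (count 0, sent when the client asks for padding) are
    kept; they simply never match a real breach count above zero.
    """
    table: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        suffix = suffix.upper()
        if len(suffix) != 40 - PREFIX_LEN:
            raise ValueError(f"malformed suffix: {suffix!r}")
        table[suffix] = int(count)
    return table


def breach_count(password: str, responses: Dict[str, str]) -> int:
    """Return how often the password appears in the supplied range bodies.

    `responses` maps a 5-char prefix to the body returned for that prefix;
    only the prefix would ever be sent to the service, never the password.
    """
    prefix, suffix = sha1_prefix_suffix(password)
    body = responses.get(prefix, "")
    return parse_range_response(body).get(suffix, 0)


def fetch_range(prefix: str) -> str:
    """Live lookup of one prefix (reference only; not used offline)."""
    import urllib.request
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"Add-Padding": "true"},  # hides the true result size
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# CONSTRUCTED range body for prefix 5BAA6 (SHA-1("password") starts with it).
# The other suffixes and every count are made up for this example.
CONSTRUCTED_RESPONSES = {
    "5BAA6": "\r\n".join([
        "0000000000000000000000000000000000A:0",   # padding-style entry
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234567",  # suffix of "password"
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:2",
    ]),
}

if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple 7"):
        n = breach_count(pw, CONSTRUCTED_RESPONSES)
        print(f"{pw!r}: seen {n} time(s) in the constructed range data")
```

The point of the prefix split is that the service learns only that the checked hash is one of the few hundred under a given prefix; the comparison that reveals a hit happens on your side.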
Rick Murray (539) 13851 posts |
Wait…
With your forum password in the subject line?
Clive – your details were swiped twice – Adobe and Dropbox. My addresses have also been involved in random hacks, but I’m not aware of any compromises other than Yahoo’s stupidity. MySpace got taken too but I’ve not been there since forever. Best approach is to assume that any site you visit is liable to compromise, and those that have not…will be soon. Don’t recycle passwords. |
Clive Semmens (2335) 3276 posts |
Interesting – thanks, Rick. Luckily I used different passwords on those from anywhere else! And don’t use either Dropbox or Adobe any longer at all. |
Jon Abbott (1421) 2651 posts |
No, a password from a compromised site.
Very good advice, never use the same password twice. Either use a password manager or a means to make each password unique to each site that you can remember. I never use the same password twice, so I just change the relevant site password that was compromised. I also never use the same email address twice, so I know exactly what the source of each breach was. What many folk won’t realise is that by registering with sites, particularly big name sites, you’re very likely giving them permission to share your information around, so breaches can be via sites you’ve never registered with! |
GavinWraith (26) 1563 posts |
Thanks Rick. NemoWeb seem to have something to do with WordPress and so does RiscosBlog – and I am ashamed to say that I used the same password for that. As for River City Media, they may have obtained material from the Marriott Hotel plunder. My wife and I had a very agreeable holiday in Corfu in October. I have discovered that our hotel was part of the Marriott chain; in fact they emailed me to say that my information might be compromised. I have since changed my credit card, as I used that to settle the final bill. |
Steve Pampling (1551) 8172 posts |
I put in two variants of my work email address, one with and one without an “n” on my first name. It claims both are “pawned on 1 breached site”, but since one of those simply does not exist I rather wonder what said site has. As I recall, one we were notified of at work the other year had NHS Digital all of a flap, and checks showed they had a list of email addresses only. To set people’s minds at rest about the state of the ROOL forums, my details used here do not figure in their “pawned” list. If you trust their data. |
Clive Semmens (2335) 3276 posts |
Well, Adobe and Dropbox are certainly sites I have used in the past (but not for quite a long time). The only site I’ve been impersonated on was Facebook, as far as I know, and the impersonator didn’t have my password, just my name and a photo of me that’s been on public display for years. Didn’t do anything to my own presence, but did manage to get “friendship” from several of my friends before he/she/it was unmasked and removed. |
Vince M Hudd (116) 534 posts |
As Jon says, the sensible thing to do these days is use different email addresses for different sites/organisations/etc. Not only does this make it possible to identify where a breach occurred if you start getting emails that include your password, but it also offers a degree of protection. If x@y.z + 1234 is the address/password combo for a breached site, that combo will be tried on other sites. With unique email addresses AND passwords, not only will ‘1234’ not be valid, but nor will x@y.z. I go one step further: I have a domain on which I’ve set up several subdomains for different categories of organisation – so each unique email address is on one of half a dozen different subdomains. In most cases, the xyz@ part is then not as simple as ‘their name’ @ my subdomain.domain – it’s usually based on their name, with a few numbers thrown in as well. The domain name itself contains the word ‘spam’, so where it all falls down is when a human being looks at it and concludes it’s probably bogus, or a black hole. I get that a couple of times a year on average. :) |
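Vince's scheme above (one subdomain per category of organisation, a local part built from the site's name plus some digits) and Jon's point that a unique address per site tells you where a breach came from can be made mechanical. This is an added example for the thread, not Vince's or Jon's own setup: the domain, subdomain map and master key are constructed assumptions, and the digits are derived with an HMAC over the site name so they cannot be guessed from the address alone. The reverse step takes an address that turns up in spam or a breach notice and names the site it was issued to.

```python
"""Per-site email aliases on a catch-all domain, and attribution of a
leaked alias back to the site it was registered with.

Added example for the thread above; the domain, subdomains, key and
registrations are constructed, not anyone's real configuration.
"""
import hmac
import hashlib
import re
from typing import Dict, Optional

# Assumption: a private secret kept alongside the password manager.
MASTER_KEY = b"constructed-example-master-key"
DOMAIN = "example.net"  # constructed; a real one would be your own catch-all domain

# Category -> subdomain, as in the half-dozen-subdomains scheme.
CATEGORY_SUBDOMAINS: Dict[str, str] = {
    "forum": "fo",
    "shop": "sh",
    "finance": "fi",
    "travel": "tr",
}


def _name_label(site: str) -> str:
    """Lower-case, alphanumeric-only stem of the site name (max 12 chars)."""
    return re.sub(r"[^a-z0-9]", "", site.lower())[:12]


def alias_for(site: str, category: str, digits: int = 4) -> str:
    """Deterministic per-site address: <name><HMAC-derived digits>@<sub>.<domain>."""
    if category not in CATEGORY_SUBDOMAINS:
        raise ValueError(f"unknown category: {category}")
    mac = hmac.new(MASTER_KEY, site.lower().encode("utf-8"), hashlib.sha256).digest()
    tag = str(int.from_bytes(mac[:8], "big") % 10 ** digits).zfill(digits)
    return f"{_name_label(site)}{tag}@{CATEGORY_SUBDOMAINS[category]}.{DOMAIN}"


def attribute_leak(address: str, registrations: Dict[str, str]) -> Optional[str]:
    """Given an address seen in spam or a breach notice and the sites you
    registered with (site -> category), return the site that alias belongs
    to, or None if it matches no issued alias (e.g. a guessed address)."""
    wanted = address.strip().lower()
    for site, category in registrations.items():
        if alias_for(site, category).lower() == wanted:
            return site
    return None


# Constructed registrations for the demo.
REGISTRATIONS = {
    "RISC OS Open forum": "forum",
    "Some Hotel Chain": "travel",
    "Dropbox": "shop",
}

if __name__ == "__main__":
    for site, cat in REGISTRATIONS.items():
        print(f"{site:22} -> {alias_for(site, cat)}")
    leaked = alias_for("Dropbox", "shop")
    print("leaked address", leaked, "came from:", attribute_leak(leaked, REGISTRATIONS))
```

Because the digits are keyed, a breach dump containing one alias does not let an attacker predict the aliases used elsewhere, which is the property that makes the "x@y.z + 1234" replay fail on both halves of the pair.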
Steve Pampling (1551) 8172 posts |
:) I put my first initial straight before the first letter of my first name and… People may recall me using spam.pling@, in various ways, which is a perfectly valid combination for a user in any domain and is also a small play on words/sounds involving the name for ! |
Clive Semmens (2335) 3276 posts |
:) |