Go Back   Freethought Forum > The Marketplace > Computers & Technology

Reply
 
Thread Tools Display Modes
  #1  
Old 03-03-2018, 07:33 PM
JoeP's Avatar
JoeP JoeP is offline
Solipsist
 
Join Date: Jul 2004
Location: Kolmannessa kerroksessa
Gender: Male
Images: 18
Default Check where your email address was breached

This is fun: enter your email address(es) and see which of the many public data breaches it's in. (I'm looking at you, lisapea.)

Have I been pwned? Check if your email has been compromised in a data breach :freakout:

Despite the spammy-sounding site name and the hackerish logo ';-- ... (a classic SQL injection trick - see Bobby Tables) and the very idea of entering your email addresses on a site because it suggested you do, it seems legit. Have I Been Pwned? - Wikipedia - Is "Have I Been Pwned's" Pwned Passwords List really that useful? - Information Security Stack Exchange

Chances are if you've had a LinkedIn account or a Dropbox account for more than a few years, that email address will be in there (and you will have responsibly changed your password when those providers warned you about their breaches).

One of my email addresses appears in a Neopets breach ... that's obviously going back some time ... when Little Miss JoeP was playing it.

I also realise that I have a lot of email addresses, some of them old work addresses that are no longer active. But lots still active. And the important ones have not been pwned! :D
__________________

:roadrun:
Free thought! Please take one!

:unitedkingdom:   :southafrica:   :unitedkingdom::finland:   :finland:

Last edited by JoeP; 03-03-2018 at 07:47 PM.
Reply With Quote
Thanks, from:
But (03-19-2018), Crumb (03-03-2018), SR71 (03-04-2018), The Man (03-03-2018)
  #2  
Old 03-03-2018, 07:46 PM
JoeP's Avatar
JoeP JoeP is offline
Solipsist
 
Join Date: Jul 2004
Location: Kolmannessa kerroksessa
Gender: Male
Images: 18
Default Re: Check where your email address was breached

And if that's not enough for you, enter your password at Have I been pwned? Pwned Passwords and see how unique it is.

'Password1' appears 102,031 times
'P@ssword1' appears 2,580 times
'lisarea' appears 6 times :eek:
'JoeP' doesn't appear at all! :D

If you really want to check a number of passwords and you don't like the idea of entering them over an https link to a possibly trustworthy site, because who knows, you can download the entire 9GB file and check on your own machine. It contains SHA1 hashes not the original passwords because that's just sensible.
__________________

:roadrun:
Free thought! Please take one!

:unitedkingdom:   :southafrica:   :unitedkingdom::finland:   :finland:
Reply With Quote
Thanks, from:
lisarea (03-03-2018), SR71 (03-04-2018), The Man (03-03-2018)
  #3  
Old 03-03-2018, 07:49 PM
lisarea's Avatar
lisarea lisarea is offline
Solitary, poor, nasty, brutish, and short
 
Join Date: Jul 2004
Posts: XVMMMDCXLII
Blog Entries: 1
Images: 3
Default Re: Check where your email address was breached

Quote:
Originally Posted by JoeP View Post
This is fun: enter your email address(es) and see which of the many public data breaches it's in. (I'm looking at you, lisapea.)
Ha ha, I knew about that site already. Both Matlock and I have been multiply pwned, but because we both have early, sought-after Gmail addresses (and I have more than one), only a couple were actually us.

I also mostly use masked emails these days, but I have like one billion of them, all with unique passwords, so I'm not going to even bother checking them.
Reply With Quote
Thanks, from:
JoeP (03-03-2018), SR71 (03-04-2018), The Man (03-03-2018)
  #4  
Old 03-03-2018, 11:16 PM
Dingfod's Avatar
Dingfod Dingfod is offline
A fellow sophisticate
 
Join Date: Jul 2004
Location: Cowtown, Kansas
Gender: Male
Blog Entries: 21
Images: 92
Default Re: Check where your email address was breached

Pwnd on two of my three. Meh.
__________________
Sleep - the most beautiful experience in life - except drink.--W.C. Fields
Reply With Quote
Thanks, from:
JoeP (03-03-2018)
  #5  
Old 03-04-2018, 06:22 AM
erimir's Avatar
erimir erimir is offline
Projecting my phallogos with long, hard diction
 
Join Date: Sep 2005
Location: Dee Cee
Gender: Male
Posts: XMMMDCCC
Images: 11
Default Re: Check where your email address was breached

2 out of 3, but was forced changed passwords as a result of one, and the other breaches were very old (password since changed) or concerned sites that would've had outdated info...

Probably should change all my passwords anyway though...
Reply With Quote
Thanks, from:
JoeP (03-04-2018)
  #6  
Old 03-04-2018, 10:14 AM
JoeP's Avatar
JoeP JoeP is offline
Solipsist
 
Join Date: Jul 2004
Location: Kolmannessa kerroksessa
Gender: Male
Images: 18
Default Re: Check where your email address was breached

I wasn't fishing for the number of email addresses y'all have, but that's an interesting side benefit.

I have several more than erimir and Ding (3) but a few less than pea ("one billion" :drevil:).
__________________

:roadrun:
Free thought! Please take one!

:unitedkingdom:   :southafrica:   :unitedkingdom::finland:   :finland:
Reply With Quote
Thanks, from:
BrotherMan (03-04-2018), Crumb (03-04-2018), lisarea (03-04-2018)
  #7  
Old 03-04-2018, 07:27 PM
Kyuss Apollo's Avatar
Kyuss Apollo Kyuss Apollo is offline
happy now, Mussolini?
 
Join Date: May 2006
Location: location, location
Posts: VMCCCXI
Blog Entries: 7
Images: 17
Default Re: Check where your email address was breached

Quote:
Oh no — pwned!

Pwned on 7 breached sites and found no pastes...
Bitly, Disqus, Dropbox, Exploit.In (unverified), LinkedIn, River City Media, & Yahoo.

I knew it! You guys was hackerz to my This week's track! :glare:
__________________
This week's track: MINUTEMEN - History Lesson Part II



Reply With Quote
Thanks, from:
JoeP (03-04-2018), lisarea (03-04-2018)
  #8  
Old 03-05-2018, 03:41 PM
Dingfod's Avatar
Dingfod Dingfod is offline
A fellow sophisticate
 
Join Date: Jul 2004
Location: Cowtown, Kansas
Gender: Male
Blog Entries: 21
Images: 92
Default Re: Check where your email address was breached

Quote:
Originally Posted by JoeP View Post
I wasn't fishing for the number of email addresses y'all have, but that's an interesting side benefit.

I have several more than erimir and Ding (3) but a few less than pea ("one billion" :drevil:).
Yahoo (since 1994), Google (since 2003), and Hotmail (2002?). I also have a CoxCommunications.com email, but haven't ever used it. I used to have AOL and Prodigy email addies, but whatever.
__________________
Sleep - the most beautiful experience in life - except drink.--W.C. Fields
Reply With Quote
  #9  
Old 03-19-2018, 08:57 PM
But's Avatar
But But is offline
This is the title that appears beneath your name on your posts.
 
Join Date: Jun 2005
Gender: Male
Posts: MVDCCCLXXIII
Default Re: Check where your email address was breached

Quote:
Originally Posted by JoeP View Post
If you really want to check a number of passwords and you don't like the idea of entering them over an https link to a possibly trustworthy site, because who knows, you can download the entire 9GB file and check on your own machine. It contains SHA1 hashes not the original passwords because that's just sensible.
If you don't want to enter your password and don't want to download gigabytes of data either, you can send the first 5 characters of the SHA-1 hash (or the complete hash) of your password and you get a list of suffixes back like this:

https://api.pwnedpasswords.com/range/5baa6

Quote:
1E2AAA439972480CEC7F16C795BBB429372:1
1E3687A61BFCE35F69B7408158101C8E414:1
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3303003
20597F5AC10A2F67701B4AD1D3A09F72250:3
20AEBCE40E55EDA1CE07D175EC293150A7E:1
Guess what the entry with 3 million hits is? That's right, "password".

It's explained here:

Troy Hunt: I've Just Launched "Pwned Passwords" V2 With Half a Billion Passwords for Download
Reply With Quote
Thanks, from:
JoeP (03-19-2018)
  #10  
Old 03-19-2018, 09:11 PM
But's Avatar
But But is offline
This is the title that appears beneath your name on your posts.
 
Join Date: Jun 2005
Gender: Male
Posts: MVDCCCLXXIII
Default Re: Check where your email address was breached

It's probably a good idea to test the procedure with a very common password; I just found out that Emacs adds final newlines to text files that don't have any, which gives the wrong hash.
Reply With Quote
Reply

  Freethought Forum > The Marketplace > Computers & Technology


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

 

All times are GMT +1. The time now is 07:15 AM.


Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Page generated in 0.37641 seconds with 15 queries