Dynadot
NameSilo

Silentptnr

Domains88.com
Impact
48,159
Last edited:

barybadrinath

Restricted (15-30%)
Impact
915
It also seems Breached data is being sold on dark web. Private Source is generally a criminal trying to sell the hacked data.

upload_2021-9-24_0-51-23.png
 

Attachments

  • upload_2021-9-24_0-50-14.png
    upload_2021-9-24_0-50-14.png
    194.8 KB · Views: 21

FiniteCrystal

Established Member
Impact
262
Username or email are used for login. That's half information. Other half is password.
A username or email is just used to identify which user is trying to log in, remember that people sometimes share their email addresses so they can use email for communicating with people. The password is the secret. Two secrets isn't really any more secure than one secret, which is why 2 factor authentication systems use something you have or something you are instead of 2 things you know.
 
Impact
2,925
why Chris Hydrick left the forum? He commented on this topic since Sept, 14th
does anybody knows?
Threads like this tend to cause a lot of tension within the community. It’s wise to take a break when you feel it’ll be helpful; he’s always been good at doing that. We hope to see him return again when he’s ready.

While he was heavily contributing to this thread, please create a new thread to discuss topics that are not directly related to the topic of this thread.
 
Impact
21,480
It also seems Breached data is being sold on dark web. Private Source is generally a criminal trying to sell the hacked data.

View attachment 200156

I feel sure this is being dealt with right now it takes a little time to round up discovery to start preceding… I left my CC wide open just for this very reason ..
 
Last edited:

Lox

_____
Impact
7,123
....You don't necessarily have to change your email either, just make sure you change your password and you'll be fine.

Let me repeat;

For Domain Investors!
If pwned, change your email address > @ every registrar.
Such high levels of "caffeine" can cause serious problems. That's all I can say.

dyodd

Regards
 

NicTraders

Top Contributor
Impact
1,521
If pwned, change your email address > @ every registrar.
So, what exactly is your reasoning for this?... Just because of the probable impending influx of spam, or do you believe this to be a significant security risk? I'd like to hear your explanation for why it's so important. Thanks.
 

FiniteCrystal

Established Member
Impact
262
For Domain Investors!
If pwned, change your email address > @ every registrar.
Such high levels of "caffeine" can cause serious problems. That's all I can say.
Quit ignoring the people asking you what your reasoning for this is. What possible reason could someone need to change their email address on all their registrar accounts? If they change all their passwords to a random string and use a password manager, anyone trying to use their email to get into their account will not be able to get in unless they've breached the password manager. It's really quite simple. Enable 2 factor authentication and they'd also have to steal your phone.
 
Last edited:

NicTraders

Top Contributor
Impact
1,521
Quit ignoring the people asking you what your reasoning for this is. What possible reason could someone need to change their email address on all their registrar accounts? If they change all their passwords to a random string and use a password manager, anyone trying to use their email to get into their account will not be able to get in unless they've breached the password manager. It's really quite simple. Enable 2 factor authentication and they'd also have to steal your phone.
Yep. I can only imagine s/he thinks that with the email, Registrars are open to a social engineering attack which might give the attacker access to my your account, but I really can't see many attackers taking the time for this when there is so much other low-hanging fruit in the breached data. It would be more time-consuming and a lot less rewarding than seeing what you get out of a brute force attack. I personally think a decent pw and 2FA is adequate, but am happy to be corrected...
 

Lox

_____
Impact
7,123
Tags
acks Watch tag
1 of 38 #ks examples (Registrar Paper form - that's difficult, but not necessarily impossible. e.g. Radiation #acks can be used to scan 2FA via hug, SMS (engineering), secret questions etc). All begin with a phishing email. No more comments. Do whatever you like.

Think different.

chgt-email.jpg


Regards
 
Last edited:

NicTraders

Top Contributor
Impact
1,521
Tags
acks Watch tag
1 of 38 #ks examples (Registrar Paper form - that's difficult, but not necessarily impossible. e.g. Radiation #acks can be used to scan 2FA via hug, SMS (engineering), secret questions etc). All begin with a phishing email. No more comments. Do whatever you like.

Think different.

View attachment 200179

Regards
Thanks for the comment. I appreciate that.
Personally I am OK with that risk:
  • It's not low-hanging fruit. Far from it.
  • I have no evidence that the attackers have my ID to social engineer something like this.
  • They'd have to get up very early in the morning to get a phishing arrack past me
  • I should receive notification of any such change if it were requested.
 

NicTraders

Top Contributor
Impact
1,521
Did everyone's pw get leaked or just some?
That is my understanding, though it's not necessarily 100% possible to know fully as some of the data has been messed with by the attackers (possibly to keep some for themselves).
Was it really in plaintext?
Some were in plain text and some were hashed.
Refer here and here for more details.
 

Frans Citroën

Top Member
Impact
2,271
epikfail-tweet.png


Source: Twitter

##############

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.

The PCI Data Security Standard specifies twelve requirements for compliance, organized into six logically related groups called "control objectives". The six groups are:
  1. Build and Maintain a Secure Network and Systems
  2. Protect Cardholder Data
  3. Maintain a Vulnerability Management Program
  4. Implement Strong Access Control Measures
  5. Regularly Monitor and Test Networks
  6. Maintain an Information Security Policy
 
Last edited:

Haris

Best Domainer Of The End-Times
Impact
8,112
Did everyone's pw get leaked or just some? Was it really in plaintext? Rob didn't really say anythingin the email. He seemed like he was trying to go with "pw not leaked" but change it just in case. No mandatory change required by him.

Passwords can be changed easily. The bigger problem is that the Credit Card info was in plaintext. Now hackers can purchase stuff online with our money unless we cancel our card/s
 
Top