711 million email addresses and passwords dumped.

It tells you when the breach was. So it's not hard. Did you change the password after the breach?

I'm on the Dropbox breach but that was 2012; password has changed many times since then.

D'oh ... thanks mate. Totally missed the glaringly obvious breach details.
 
It's always interesting to sign up and append +sitename to your email address if you have gmail because you can see who sold your details.
 
Mine says it's on the list, but so what, I have 2 step.
It doesn't say which site the password is from either so would you have to change all that you use that email on?
 
My Hotmail has been ravaged over the years but the Gmail ones with the real value associated are safe as paper and straw houses.
 
I think it's finally time to start using a password manager as I'm on this latest breach. Ugh, effort.
For the 10 mins of effort, it's a lifetime of no effort and you'll think why did I not do it sooner. Just remember once they are all added to delete all saved passwords on web browser and disable the feature.
 
Noticed a lot more spam in both my Hotmail and Live inboxes... Both on the list. Been using 2FA and strong/unique passwords (LastPass) for ages so they can have my rubbish old accounts, I like giving to the needy :)
 
I use KeePass and often save the random passwords to Chrome, which I guess is similar to online password managers like LastPass.

Question is, which is more secure, LastPass or Chrome password Smart Lock?
 
Oh well, time to change all my passwords again. :(

I don't understand why you would need to do that. All my passwords are different. I never use my main Gmail password for anything else.
If they have one password they won't have any of the others. The only way they could hack it is to brute force it, and then it has 2FA as well.

Also I often use a spare email for registering on non-essential sites, and that Gmail forwards it to my main account.
Oddly enough though, this account isn't on the breach. Just my main account. Because these breaches are generally big companies like Adobe.

How can you be sure that this 'have I been pwned' isn't collecting emails... dunno.

Does it really matter? Most people's email will be guessed by a name & number generator. At some point you have to make it something you can remember. Which makes it very likely a pattern generating script will eventually create it.
 
Whilst I am quite sure that Troy Hunt is as honest as the day is long and the Have_I_Been_Pwned website isn't a tool for harvesting email and associated IP addresses, I wouldn't base any such judgement on something in Wikipedia ;)

He owns a database with almost 5 billion user accounts in it. Security researchers send him the latest dumps to add to the db all the time, there's even some where he is one of only a handful of people who have access to the data dump.
If he did want to sell email addresses he'd make much more from selling access to that database than he would harvesting from people who use the site and risking being implicated and losing the updates he gets for that database.
 
I had a few hits on haveibeenpwned. As I've been off work sick the last few days, what better use of my time than to finally put all my passwords in a manager, replace them all with long auto-generated ones.
 
Whilst I am quite sure that Troy Hunt is as honest as the day is long and the Have_I_Been_Pwned website isn't a tool for harvesting email and associated IP addresses, I wouldn't base any such judgement on something in Wikipedia ;)

The Wikipedia page confirms what is on his actual website, which I linked in my original post.

Site is perfectly fine. Troy Hunt is the guy behind it - https://www.troyhunt.com/about/
 