711 million email addresses and passwords dumped.

[Kristoph]

https://www.troyhunt.com/inside-the-massive-711-million-record-onliner-spambot-dump/

Was just notified by haveibeenpwned.com that I've had my email address detected in this recent dump of emails and passwords.

I've changed my passwords for the affected email accounts but probably worth people checking themselves if they don't have haveibeenpwned notifications on.

 

[G-MAN2004]

Damn, mine too. Any indication of what accounts they are? Changing everything will be a massive pain.

Thanks for letting us know.

 

[Rroff]

I think most people will find their email, some IPs and limited personal info (not passwords) will be there as breaches now after recent incidents with companies selling info for marketing being targetted.

 

[xb8browney]

4 times for me apparently.

Litteraly just got an email from CeX about a breach.

 

[Kristoph]

I've no idea what accounts it related to but I've just changed my Gmail account passwords. Not ideal but I could probably recover something if it came to it.

Would be nice if there was a way of it telling you which websites the email was linked to.

 

[jsmoke]

4 times, does that mean I need to change password or just that my email has been found?

 

[bingham67]

Dam it appears I am also in this breach

 

[snips86x]

Changed my gmail account PW also

 

[Kristoph]

jsmoke - 4 times in the Onliner one or 4 separate websites showing in haveibeenpwned?

If it has detected specific websites I'd recommend changing your password associated with those sites.

As for the Onliner dump, it's hard to say unless you have direct access to the data. I've changed at a minimum the password on my email accounts (although I do have 2fa on them).

 

[NewGamer11]

Me too. Not too fussed. Password is different from other online services but will change it.

I look forward to more exciting offers. Imagine my disappointment when I found out the cunnilingus lovers event I'd been invited to wasn't real.

EDIT - Changed password anyway and set up 2FA.

 

[Rroff]

4 times, does that mean I need to change password or just that my email has been found?

Complicated one as some of the big breaches are a mix of harvested emails with no passwords, guesses at passwords and some cracked data so even if the breach lists email addresses, passwords, usernames, etc. doesn't mean they have all that info for every entry.

There is a myspace one for instance that has 300million emails but only 4 million or something email and password pairs and only half of them are actual cracked ones rather than guesses from automated attempts to match you up with data from other exploits, etc.

 

[XeNoN89]

My email is also in there, doubt it has my password though

 

[Armageus]

My email is also in there, doubt it has my password though

I would agree, both my work email and personal email are flagged as being in this dump. Can't think of anything that I have in common between the two - more likely just to be randomly gathered email addresses via rogue mailserver or similar.

 

[crazy8s]

No hits but it registered hits on my old email from many year's ago

 

[NoobCannon]

Thing ive never understood the haveibernpwned website is it says that my email address has been owned but lists 3 sites that I've never had anything to do with. Never ever recieved emails from and of the mentioned sites not even spam

Its been the same way ever since I first found about the pwned site. Assume someone signed up with my email address randomly so I'm opting to take the pwned site with a pinch of salt.

 

[FurryLemon]

All good here.

Thanks for the heads up though.

 

[grudas]

11 sites.. lol.

Probably typing in your email there will also populate their database haha.

 

[Nitefly]

How can you be sure that this 'have I been pwned' isn't collecting emails... dunno.

 

[Dis86]

Safe

 

[darael]

Oh well, time to change all my passwords again.