38 votes

Have I Been Pwned?

20 comments

  1. [3]
    cfabbro

    Tildes actually uses HIBP's breached passwords list to restrict the availability of passwords here:
    https://tildes.net/settings/password_change

    Password restrictions

    • At least 8 characters long.
    • Does not contain the username, and is not contained in the username.
    • Has not been previously exposed in a data breach (checked locally against a list downloaded from Troy Hunt's "Have I been pwned?").

    p.s. Firefox Monitor also utilizes the HIBP database too.

    34 votes
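
The three restrictions quoted in the comment above can be sketched as follows. This is an added example, not Tildes's code. It assumes the downloaded list uses the `SHA1:count` line layout of HIBP's Pwned Passwords download and that the username comparison is case-insensitive. The sample list, its counts and the function names are constructed for illustration.

```python
import hashlib

# Constructed sample in "SHA1:count" layout; the counts are made up.
SAMPLE_LIST = "\n".join(
    f"{hashlib.sha1(p.encode()).hexdigest().upper()}:{n}"
    for p, n in [("password1", 1000), ("correct horse", 5)]
)


def load_breached(text):
    """Parse 'HASH:COUNT' lines into a set of uppercase SHA-1 hex digests."""
    hashes = set()
    for line in text.splitlines():
        digest = line.split(":", 1)[0].strip().upper()
        if len(digest) == 40:  # skip blank or malformed lines
            hashes.add(digest)
    return hashes


def check_password(password, username, breached):
    """Return the list of violated rules; an empty list means acceptable."""
    problems = []
    # Rule 1: at least 8 characters long.
    if len(password) < 8:
        problems.append("too_short")
    # Rule 2: neither string contains the other (case-insensitive: assumption).
    p, u = password.lower(), username.lower()
    if p and u and (u in p or p in u):
        problems.append("overlaps_username")
    # Rule 3: hash locally and look it up; nothing leaves the server.
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    if digest in breached:
        problems.append("breached")
    return problems


if __name__ == "__main__":
    breached = load_breached(SAMPLE_LIST)
    for pw in ("password1", "alice", "tr0ub4dor&3-zebra"):
        print(pw, check_password(pw, "alice1234", breached))
```

The full list holds hundreds of millions of hashes, so a production check would keep them in a Bloom filter or an indexed store rather than an in-memory set.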
    1. [2]
      kfwyre

      I am really glad that Firefox Monitor is an alternate way of utilizing HIBP. I’ve recommended it to so many family members.

      “Have I Been Pwned” — both as a name and a site — has a feel to it that makes it seem both mildly unofficial and mildly untrustworthy. I know it’s not, but the people I recommend it to know nothing of what “pwned” means or the site’s good record. At a first, untrained glance, it can come across as the kind of site to which I would actively discourage them from giving personal information.

      I feel like Firefox Monitor lends the project the credibility of an established internet brand plus a more easily understandable name and purpose, which greatly benefits HIBP’s accessibility to people who are most likely to benefit from its use.

      19 votes
      1. ignorabimus

        Totally. I have enough problems telling people "you shouldn't give your details to weird sites" on the internet (second only to "if you get an email purporting to be from a supplier saying 'there are our new bank details, please use for future payments' then you should not pay the 'new' account before ringing the supplier to check" – this was a real case I know of where someone paid US$600k to a fraudster) that saying "but this weird site is OK" would just open a massive jar of worms.

        6 votes
  2. [3]
    Comment deleted by author
    1. cfabbro

      I had the exact same thing happen with Gravatar, but when I looked into it, I discovered that Gravatar was used by EA for Battlefield 3. And apparently creating a Gravatar account was mandatory if you wanted to use BF3's Battlelog service to play the game online (which I did). So that's when I undoubtedly signed up for Gravatar, but I had simply forgotten about it since it was over 10 years ago. And so if you also played Battlefield 3 back in the day, that's likely when you signed up for Gravatar too.

      However, another possibility is that Gravatar is owned by Wordpress, and so if you have ever made a Wordpress account you automatically had a Gravatar account made for you with the same email address too:

      WordPress.com associates a profile picture with your email address using Gravatar. This means that when you create a WordPress.com account, you create a Gravatar profile, and your WordPress.com and Gravatar accounts are linked automatically.

      https://wordpress.com/support/gravatars/

      10 votes
    2. Sodliddesu

      A smaller, sketchier website is likely to attract paranoid or throw away information from users, therefore you're less likely to get 'good' data from them making them a less likely target and therefore 'safer'.

      Doesn't mean they're not selling your data to everyone, just that hackers aren't getting your information for free.

      Now, you want real data you gotta go after real targets. I'm sure Twitter gets hundreds of thousands of attempts each day, hell, maybe even hour. Because the normies are there and put their actual information into it.

      3 votes
  3. Sprung2048

    Bitwarden has this integrated in their webapp.

    10 votes
  4. [13]
    ignorabimus

    "Pwned" is internet slang (quite probably originating from a typo-induced misspelling of "owned"), in this context meaning "hackers know your password, because hackers have compromised the database where an online service you use stores its users' passwords".

    7 votes
    1. Sodliddesu

      I guess I only just realized that someone might need pwned explained to them... I think I should start taking baby aspirin to reduce my risk of heart attack.

      For what it's worth, I went many years without showing up on this site but I've had a fair few since 2014ish. Also, the website usually lists the types of data confirmed from each website's hack, for instance they got my old license plates and address from the Park Mobile hack, so it's not just passwords - they might know your phone number, gender, make and model as well.

      17 votes
    2. [11]
      pyeri

      Why do hackers do such things and cause harm to other humans at all?

      Wasn't the instinct of morality or ethics supposed to evolve in tandem with other advanced abilities (like math and technical skills)? It'd seem unintuitive for Nature to gift such advanced skills to a human without bestowing the basic gift of morality or wisdom first, isn't it?

      2 votes
      1. [8]
        CannibalisticApple

        It's more complex. I think ultimately, advanced skills are rooted in forms of greed and seeking power. That's not necessarily a bad thing, as you can be greedy for knowledge and just take pride in your skills. Some people advanced fields of science for their own personal satisfaction, others did it due to being competitive and wanting to be better than their rivals.

        Ultimately, I think what nature pushes on creatures most is survival of the species, particularly yourself and the rest of your line. Morality can help with the species as a whole, but being selfish can give more individual chances for survival.

        I think part of what sets humans apart from other animals is that we can put aside that instinct to be selfish for the sake of survival to help others, even those unrelated to us. That's part of how our species evolved and managed to thrive so long.

        9 votes
        1. [5]
          xk3

          Crime is usually done because of one or more of the following:

          1. Out of perceived necessity. To buy food, beer, and diapers.

          2. For the thrill of it. Adrenaline rush.

          3. For prestige. Gangs often use crimes to gain prestige and reputation.

          4. Revenge. A desire for vengeance over a perceived wrong. For great justice.

          6 votes
          1. [4]
            pyeri

            There is also reason 5 (deep state actors, geo-politics, industrial espionage, etc.). This is increasing a lot lately.

            3 votes
            1. xk3

              I don't think that is really a motivating reason but perhaps a category of crime?

              The CIA has some terminology it uses to explain why people give state secrets to an enemy government, called MICE. It happens to be broadly applicable to a lot of conspiratorial motivation, and not just the motivations of spies. The acronym stands for Money, Ideology, Coercion, and Ego. Those first two reasons for a conspiracy are self explanatory - they make money, or they believe in what they're doing for political or religious reasons. In espionage, the 'C' usually refers to blackmail (often by threatening to expose the information the agent has already passed on to their home government). In cases of criminal informants, it's threats of jail time for charges the prosecutor is willing to drop if the criminal helps arrest co-conspirators.
              https://www.lesswrong.com/s/nDjTh6xRPL23YSH6k/p/hurF9uFGkJYXzpHEE

              2 votes
            2. vord

              Those are mostly just manifestations of combining 1,3,and 4 though.

            3. crius

              That's a point 3 clear as day.

              The example uses gangs but, really, any organisation that aims at power can fit.

        2. [2]
          pyeri

          Actually, nature prioritizes the species survival over individual survival in most cases.

          The classic case is maternal love, how the mother's instinct of love causes her to protect the child's life even at the cost of her own or anyone else's. It's almost intrinsic or nature powered.

          Another example is the instinct of morality or ethics, why does it exist in humans at all? If not for nature's prioritizing of collective over individual survival.

          A lot also depends on the population growth and availability of resources. There is the Malthusian Theory in classical economics which states that when population grows unchecked beyond a certain point WRT availability of resources, nature actually pushes the pandemics like the black plague to bring it down and make it sustainable. This is also the case of prioritizing collective over individual if you think about it.

          1 vote
          1. TallUntidyGothGF

            I don't think this is necessarily true, it doesn't align with the gene-centred view of evolution, which would, for example, say that 'maternal loving' behaviours have developed because they lead to survival of the groups of genes that give rise to organisms that exhibit them i.e. the children whose genetic material is shared with the parent are more likely to survive and reproduce. Even in the context of modern takes on group selection theory, e.g. multilevel selection, altruistic behaviours can arise through group selection but only where they outweigh selfish behaviours mediated by gene/individual selection (probably not most cases).

            It is very neat that nature is filled with so many of these self regulating positive and negative feedback loops, anyway.

            3 votes
      2. Sodliddesu

        To quote Run The Jewels, "morality is only a memory when belly's empty."

        I need food. Hurting these people I don't know halfway across the world gets me money. Money gets me food. Gotta steal to eat, gotta eat to live, otherwise we'd get along.

        That's the most charitable take at least, some people just suck, but there's smart people everywhere.

        2 votes
      3. BashCrandiboot

        As all aspects of humanity evolve, so too does assholery.

  5. Bullmaestro

    My email address returned 18 results. Nearly all of them are your typical username, email address, password leaks.

    The worst breach was a Korean publisher that used to host a mildly popular MMORPG that I used to play (FlyFF.) They were the kind of publisher that would ask for all kinds of details on registration like DOB, physical address, etc, and store all that shit in plain text.

    I think part of it is that South Korea has very strict internet registration laws (almost comparable to those of China) where you have your whole online presence tied to your social security number, so any publisher that dipped their toes into the Western market ended up adopting similar practices.

    7 votes
  6. Comment removed by site admin