Time and time again, I get emails and DMs from people that effectively boil down to this:

"Hey, that paste that just appeared in Have I Been Pwned is from Spotify, looks like they've had a data breach. My password is randomly generated and long so makes me wonder what happened there."

Many years ago, I introduced the concept of pastes to HIBP and what they essentially boil down to is monitoring Pastebin and a bunch of other services for when a trove of email addresses is dumped online. Very often, those addresses are accompanied by other personal information such as passwords. When an HIBP subscriber's address appears in one of these incidents, they get an automated notification and often, it seems, they then reach out to me. Here's a perfect example of what I'm talking about, this one eventually triggering an email to me just last week:

Let's imagine you're the first person on the list: you get a notification from HIBP, you check out the paste and see your Hotmail account listed there alongside your Spotify password and the plan you're subscribed to. No, and the passwords are the very first thing that starts to give it all away. Just looking at them, they're obviously terrible, but plugging the first one into Pwned Passwords gives you a sense of just how terrible it is:

They may not all be that bad (the next one in the list has only been seen twice), but the point is that it's a password that's clearly been seen before and were I to dig back into the source data, there's a good chance it's been seen in a breach alongside that email address too.

"Unexpected email from Spotify due to some “suspicious activity”."

"This is the third time Spotify has sent me an email about “suspicious activity” and I can only hope that whoever’s trying to get into my account changed the card information because I can’t afford this month's lol"

Recent security breaches include Facebook, which “unintentionally uploaded” 1.5 million users’ email addresses without their consent, and Singapore’s Health Sciences Authority, which compromised the personal information of 808,000 blood donors that somehow wound up on the Internet.

As TechCrunch points out, this may be an example of a “credential stuffing attack,” in which hackers scrape usernames and passwords from other hacked sites and try to use them to get into other sites.
