Off Topic - Have you been pwned? (email/account compromised) - Forum

https://haveibeenpwned.com/ I just came across this, and it turned out one of the emails I'm using got #REKT. Luckily, nothing important was attached to it. The place that got "PWNED" was the nexus website, you know the place where people go to get Skyrim mods? Honestly, I've been using disposable email addresses to sign up to most websites for a few years now, and don't give them a real email address. Every new website I sign up to post at uses a different disposable email account. This way if they get something, they don't get anything important. Last edited by MrSmiley21 on Mar 7, 2017, 4:04:31 PM Last bumped on Mar 10, 2017, 9:56:05 PM	Posted by MrSmiley21 on Mar 7, 2017, 3:59:23 PM Quote this Post
apparently so, gamigo, wild star, myspace and r2 games? None of them matter, random passwords never reused Ancestral Bond. It's a thing that does stuff. -Vipermagi He who controls the pants controls the galaxy. - Rick & Morty S3E1	Posted by lagwin1980 on Mar 7, 2017, 6:22:56 PM Quote this Post
The site itself is probably place of gathering adresses. So be carefull. Once my FB account, that i owned several year ago and deactivated was resurrected by some chinese haker. Had to sent ID to FB admins to reclaim it. New password is hard break proof.	Posted by de99ial on Mar 8, 2017, 6:18:32 AM Quote this Post
I had an old minecraft account, something I haven't used in years, and found out that some chinese hacker got it. Turns out it was linked to the email address that was compromised. I couldn't confirm earlier that this was the case, but I know for a fact this is what happened now. Mojang, a couple of years ago changed the account systems, whereas you used to just have a "Minecraft account" and now they complicated things to where you make a "Mojang account" and you can attach your old minecraft accounts to your mojang account, and then you gotta login with your Mojang account. So what some hacker did was make a Mojang account, and then attached my old minecraft account to their Mojang account. Even if the above website is collecting addresses to send spam mail to, it's not like you're giving them your password, and the information provided did help me get to the bottom of this. FYI, the email address I used for the account on Nexus forums was the same one I used for a Minecraft account, and this was YEARS ago. That Nexus forums account has been banned for a long time. Didn't even remember I had it. People aren't in the business of brute forcing passwords. The strength of your passwords don't matter if they slap you with a keylogger, or if you reuse passwords on websites that get compromised. Now this doesn't matter if you use a different disposable email account for every website you register to post at. You could use password1234 and it wouldn't matter. Last edited by MrSmiley21 on Mar 8, 2017, 9:45:00 AM	Posted by MrSmiley21 on Mar 8, 2017, 9:41:50 AM Quote this Post
" MrSmiley21 wrote: https://haveibeenpwned.com/ I just came across this, and it turned out one of the emails I'm using got #REKT. Luckily, nothing important was attached to it. The place that got "PWNED" was the nexus website, you know the place where people go to get Skyrim mods? Honestly, I've been using disposable email addresses to sign up to most websites for a few years now, and don't give them a real email address. Every new website I sign up to post at uses a different disposable email account. This way if they get something, they don't get anything important. sound like a trap website to really get you pwned Poe Pvp experience https://youtu.be/Z6eg3aB_V1g?t=302	Posted by Head_Less on Mar 10, 2017, 1:04:04 AM Quote this Post
" de99ial wrote: New password is hard break proof. Most stolen passwords are obtained via hacking other sites, and since some people re use the same password they get hacked later on, then you have the other source...key loggers which don't give a fuck about how complex you think the password is, very little are obtained by brute forcing(breaking) Ancestral Bond. It's a thing that does stuff. -Vipermagi He who controls the pants controls the galaxy. - Rick & Morty S3E1	Posted by lagwin1980 on Mar 10, 2017, 2:26:13 AM Quote this Post
" MrSmiley21 wrote: So what some hacker did was make a Mojang account, and then attached my old minecraft account to their Mojang account. doesn't have ggg the same problem with support attaching steam and standalone accounts? afaik ggg support just requires them knowing the email addresses and some character names. email addresses are openly shown if you stream the game and char names are shown if you open your char list to be able to forum-trade. age and treachery will triumph over youth and skill!	Posted by vio on Mar 10, 2017, 3:59:54 AM Alpha Member Quote this Post
" lagwin1980 wrote: " de99ial wrote: New password is hard break proof. Most stolen passwords are obtained via hacking other sites, and since some people re use the same password they get hacked later on, then you have the other source...key loggers which don't give a fuck about how complex you think the password is, very little are obtained by brute forcing(breaking) Actually the on in FB was easy to break even for brute force. Im not sharing my passwords with anyone, also have secured PC with all kind IP hide addons, so im sure one that stole that accout was just lucky. But i had some notifications that - i dunno once per year maby, probably less - from my email provider that tehre was attempt to break it. Then i change it. IM not even showin my real pass on siter that suppposedly verifie how strong it is.	Posted by de99ial on Mar 10, 2017, 9:08:38 AM Quote this Post
" vio wrote: " MrSmiley21 wrote: So what some hacker did was make a Mojang account, and then attached my old minecraft account to their Mojang account. doesn't have ggg the same problem with support attaching steam and standalone accounts? afaik ggg support just requires them knowing the email addresses and some character names. email addresses are openly shown if you stream the game and char names are shown if you open your char list to be able to forum-trade. Attaching an email address to a Steam-only account is only possible when that user contacts us via PM whilst logged into the account with their Steam profile, as Steam has their own security features in place to prevent unauthorised access. Providing the information you have mentioned would not be enough to attach an email for the first time, or to change an existing one. :) Contact us at support@grindinggear.com!	Posted by Sarah on Mar 10, 2017, 3:05:18 PM Grinding Gear Games Quote this Post
" " vio wrote: " MrSmiley21 wrote: So what some hacker did was make a Mojang account, and then attached my old minecraft account to their Mojang account. doesn't have ggg the same problem with support attaching steam and standalone accounts? afaik ggg support just requires them knowing the email addresses and some character names. email addresses are openly shown if you stream the game and char names are shown if you open your char list to be able to forum-trade. Attaching an email address to a Steam-only account is only possible when that user contacts us via PM whilst logged into the account with their Steam profile, as Steam has their own security features in place to prevent unauthorised access. Providing the information you have mentioned would not be enough to attach an email for the first time, or to change an existing one. :) Is that a super saiyan hedgehog in your sig?^^	Posted by Deleted on Mar 10, 2017, 4:08:27 PM