Password Collection #1
posted in Off Topic
1
#1
0 Frags +
[quote=haveibeenpwned.com][h]Collection #1[/h]
In January 2019, a large collection of credential stuffing lists (combinations of email addresses and [b]passwords[/b] used to hijack accounts on other services) was discovered being distributed on a popular hacking forum. The data contained almost 2.7 billion records including [b]773 million unique email addresses alongside passwords[/b] those addresses had used on other breached services. Full details on the incident and how to search the breached passwords are provided in the blog post [url=https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/]The 773 Million Record "Collection #1" Data Breach[/url].[/quote]

[quote=troyhunt.com]There are 21,222,975 unique passwords.[/quote]

I recommend to everyone to check if your password is on this list on [url=https://haveibeenpwned.com/Passwords]haveibeenpwned.com/Passwords[/url] .
If you are sceptical about entering your password there you can download the whole database of hashed passwords on the bottom of that site and try to look for yourself.

The password generator of my choice would be [url=https://xkpasswd.net/s/]XKPasswd[/url] as there are multiple presets to choose from for generating the password.
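
The offline check suggested in the post above, as an added example that is not part of the original post and not HIBP's own code: it assumes the hash-ordered SHA-1 download with one `SHA1:COUNT` line per password, and binary-searches it so the password never leaves the machine. The names `pwned_count` and `build_sample` are made up for illustration, and the in-memory sample file is constructed from counts quoted later in this thread.

```python
import hashlib
import io

def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 password, as stored in the download."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def _line_at_or_after(fh, pos):
    """Return (offset, line) for the first line starting at or after pos."""
    if pos > 0:
        fh.seek(pos - 1)
        fh.readline()      # consume the rest of the line containing byte pos-1
    else:
        fh.seek(0)
    return fh.tell(), fh.readline()

def pwned_count(password: str, fh) -> int:
    """Binary-search a hash-sorted 'SHA1:COUNT' file opened in binary mode."""
    target = sha1_hex(password).encode("ascii")
    fh.seek(0, io.SEEK_END)
    lo, hi = 0, fh.tell()  # a matching line, if any, starts in [lo, hi)
    while lo < hi:
        mid = (lo + hi) // 2
        start, line = _line_at_or_after(fh, mid)
        if not line or start >= hi:
            hi = mid       # no line starts in [mid, hi)
            continue
        digest, _, count = line.strip().partition(b":")
        if digest == target:
            return int(count)
        if digest < target:
            lo = start + len(line)   # match can only start after this line
        else:
            hi = mid                 # match can only start before mid
    return 0                         # hash not in the file

def build_sample() -> io.BytesIO:
    """Constructed stand-in for the real file, using counts quoted in this thread."""
    seen = {"123456": 23174662, "steam": 4474, "discord": 821,
            "valve": 533, "tf2": 86}
    lines = sorted(f"{sha1_hex(p)}:{n}".encode("ascii") for p, n in seen.items())
    return io.BytesIO(b"\r\n".join(lines) + b"\r\n")

if __name__ == "__main__":
    sample = build_sample()
    for pw in ("123456", "steam", "bruhmoment"):
        print(pw, pwned_count(pw, sample))
```

Against the real download, pass a file object opened with mode `"rb"` instead of the sample; each lookup then reads only a few dozen lines of the file.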
2
#2
8 Frags +

majority of passwords from the new dump were already out there in one of the previous ones. still good to change them

3
#3
9 Frags +

My password is password1 pls don't tell anyone

4
#4
12 Frags +

123456 has been seen 23,174,662 times
TeamFortress2 has been seen 72 times
teamfortress has been seen 302 times
tf2 has been seen 86 times
valve has been seen 533 times
steam has been seen 4474 times
discord has been seen 821 times

It's insane that there's this many people using passwords w/o numbers and capitals

5
#5
34 Frags +

the password 'b4nny' has been seen three times

the password 'kaidus' has been seen six times

6
#6
17 Frags +

the password 'bruhmoment' has been seen zero times

7
#7
2 Frags +

dragonwarrior12: This password has been seen 7 times before

8
#8
-5 Frags +

aw damn benshapiro has been seen 15 times before now i gotta switch my password on steam

9
#9
-2 Frags +

https://i.gyazo.com/3950f0c2b1e8fdce81a7cc59c59152d8.png

10
#10
11 Frags +

wow! nice password!

11
#11
10 Frags +

[quote=glass]the password 'b4nny' has been seen three times

the password 'kaidus' has been seen six times[/quote]

There we have it guys: kaidus > b4nny
12
#12
-1 Frags +

[quote=gbj]123456 has been seen 23,174,662 times
TeamFortress2 has been seen 72 times
teamfortress has been seen 302 times
tf2 has been seen 86 times
valve has been seen 533 times
steam has been seen 4474 times
discord has been seen 821 times

It's insane that there's this many people using passwords w/o numbers and capitals[/quote]
i don't think putting complex characters in, say an 8 char string makes any big difference over a normal string. It's better to have a long sentence of normal words rather than having the PITA of remembering wh1cH 133T'$p33k you used.

Also I couldn't find a way to search for a combo after seeing one broken password.
13
#13
1 Frags +

[quote=Twiggy]
i don't think putting complex characters in, say an 8 char string makes any big difference over a normal string. It's better to have a long sentence of normal words rather than having the PITA of remembering wh1cH 133T'$p33k you used.
[/quote]
26^n < 62^n
14
#14
12 Frags +

Estrogen_took_my_homie is clean boys

15
#15
5 Frags +

A fun anecdote.

As a private individual I used to think I was pretty good at generating passwords and stewarding my various financial transactions on the internet and so far, I haven't had a major breach or financial setback.

But since becoming responsible for the administration of a company credit card - from the same bank I've always used as a private individual - it has been stolen 4 times in 3 years. Luckily the bank has caught the offending transactions before they ever cleared all 4 times, but clearly I wasn't doing enough.

16
#16
15 Frags +

i admit my pw is kaidus but that's only because i couldn't think of anything then i looked to my shrine and it clicked

17
#17
-2 Frags +

[quote=bleghfarec]the password 'bruhmoment' has been seen zero times[/quote]

kaidus>b4nny
18
#18
15 Frags +

the password 'skeez' has been seen 52 times

19
#19
2 Frags +

[quote=Marxist]A fun anecdote.

As a private individual I used to think I was pretty good at generating passwords and stewarding my various financial transactions on the internet and so far, I haven't had a major breach or financial setback.

But since becoming responsible for the administration of a company credit card - from the same bank I've always used as a private individual - it has been stolen 4 times in 3 years. Luckily the bank has caught the offending transactions before they ever cleared all 4 times, but clearly I wasn't doing enough.[/quote]

You can literally do everything right and still get your CC and other things stolen/used without your consent. It only takes 1 idiot to ruin it for a lot of people.

Here's 2 examples from my life.

1. Company you work for has an intern in HR that has access to all employees' W-2 info and they fall for a phishing scheme of someone pretending to be the company's CFO. Sent all the W-2 info of all employees to this random dude, this could have all been prevented if she continued to read after the Name and looked at the email address they were sending from... Since this incident several dozen employees have had to go back and forth with the IRS to get their Tax returns and that the other person who filed in their name wasn't them.

2. Have a coworker get a nasty 0-day exploit virus that infects 90% of the PCs and 75% of the servers and got all kinds of usernames and passwords for a ton of shit. Which happened to include my Amazon account that I had a randomly generated 17 character password for. Someone ordered like $4800 worth of shit from my Amazon account, and I wasn't the only one this happened to... [i]I did do 1 thing wrong here and that I didn't set up 2-factor authentication with Amazon originally...[/i] Oh and that virus could've been prevented if the employee didn't open up an image attachment from something that was obviously spam
20
#20
3 Frags +

I think it's ironic that "correcthorsebatterystaple" has been seen 114 times

21
#21
5 Frags +

corsa has been seen 2,960 times before
corba has been seen 107 times before
corsakart has been seen 2 times before

22
#22
1 Frags +

 

 
23
#23
2 Frags +

honestly as long as your password isn't a single dictionary word and you don't reuse them it's fine

personally i use a password database for important stuff and variations on a simplish password for everything else
