Questions tagged [breach]
The breach tag has no usage guidance.
50
questions
0
votes
1
answer
2k
views
My personal info was leaked on the dark web through my Gmail Account; is it still safe to continue using said Gmail Account?
I have been using my personal Gmail Account for years to create accounts on a wide range of websites like evite.com and Instagram.
Google conducted a dark web scan and created a report of instances ...
- 1
0
votes
1
answer
137
views
CRIME like attack and locality of randomized data
I am not an information security expert (just a developer) and recently discovered this kind of vulnerability, and have a few questions (so sorry if I misinterpreted something about how the attack ...
- 103
0
votes
1
answer
202
views
CRIME and BREACH attacks, HTTP/2 and HTTP/3
I have been reading on CRIME and BREACH attacks and I want to learn better how to protect against them.
From what I understood, those attacks require TLS encryption over HTTP compression and HTTP ...
- 101
0
votes
0
answers
422
views
How to find out which data breach my password was in?
HIBP and my password manager both claim that a password that I am using has been seen in a data leak.
Neither of them provide information about which data leak exactly my password was seen in.
The ...
- 101
1
vote
0
answers
161
views
What can somebody do with just name and passport number?
What is the risk if just full name and passport number were to be leaked? just those two pieces of information and nothing else.
- 11
1
vote
1
answer
365
views
Data breach for my router in chrome
I have just logged into my router in Chrome, Win 10.
I got this warning.
I immediately changed the password.
But I have several questions.
Is the message reliable, in the sense that the breach ...
0
votes
0
answers
306
views
Google says my password has been found in data breach. HIBP knows nothing about it. Which data breach was that?
I've been using Chrome to save and sync my passwords across devices (and lately I am trying to switch to Bitwarden). Google warned me recently about a password I have used across multiple sites that ...
- 101
2
votes
3
answers
1k
views
Effective ways to hash phone numbers?
Suppose a company wants to implement 2FA for it's users using phone number OTP system, but does not really want to store their phone numbers as it could get breached and phone numbers are considered ...
0
votes
1
answer
348
views
How to secure Laravel website against the ongoing massive exploitation
My website built upon Laravel is currently under attack.
Only the index.php file was changed, and by that I mean that every line of code is inserted above the original Laravel code. So this code ...
0
votes
0
answers
231
views
Historical examples of breached TOTP secrets?
While reading about password breaches, it occurred to me; where are the TOTP shared secret breaches? Because TOTP relies on a shared secret (unlike say U2F) the server has a copy of the shared secret, ...
- 141
0
votes
3
answers
235
views
How are data breach lists sourced and distributed?
I understand at an elementary level how data breaches tend to be distributed, starting with friends of the attacker/discoverer and then being distributed via forums, paste bins, etc. However I was ...
- 756
0
votes
1
answer
147
views
Database of breached websites
I run a website with a user database. I have an account with my email and I put it on a website like Have I Been Pwned, which does not reveal a breach. I also check the website's list of breaches to ...
- 113
0
votes
1
answer
121
views
How to monitor your user accounts for breached logins?
On a few rare instances, I've received an email from a website notifying me that my email and password were found in batch of harvested logins, and they then force me to change my password.
This has ...
- 101
0
votes
4
answers
266
views
Why can't you use the same password for every site, if they are hashed on the site?
I've often heard people talking about not using the same password on every website. What's the deal if servers store passwords in a SHA hash instead of plain text? The most they can do is spam you ...
11
votes
1
answer
881
views
Why are water treatment facilities or similar connected to the internet? [closed]
I have a (sensitive) background in security, in short, I believe that the infrastructures MUST NOT connect to the internet. If you connect to the internet, it is a matter of time before it is breached....
- 5,559