Data Breach

[TAZ]

Got a LifeLock notification regarding a Nov 2018 data breach of TX Guntalk. Not sure if it’s a new thing or a resale if existing data files from a previous issue. Tried searching, but didn’t come up with any topics on the matter.

Either way it may be time for password changes as a CYA.

 

[knc1105]

Lifelock notified me Texas Gun Talk was breached and all user names passwords and email addresses were taken. My user names and passwords were sold on the Dark Web. I have already got ransom demands this morning. Any site with your user name and or password needs to be changed especially banking, email, social media.

 

[Hotdownrange]

Same here.

 

[Sam7sf]

interesting.

 

[majormadmax]

Honestly, if you use the same login/password on social media sites as you do banking, etc.; then maybe the Internet is not the best place for you!

 

[AustinN4]

Do some of you guys and gals really use the same names and passwords on your financial accounts as you do for forums? Really bad OpSec!

Edited to add: MMM beat me to it, but great minds think alike!

 

[SidewaysTA]

I don't use the same passwords for forums and banking or anything else for that matter. You shouldn't either.

Edited to add: MMM and AN4 beat me to it, but great minds think alike!

 

[AustinN4]

Looks like the OP of this thread was second to post this info by 7 minutes.

 

[Bozz10mm]

Wondering what the implications were of someone knowing my TGT password.

 

[AustinN4]

Do some of you guys and gals really use the same names and passwords on your financial accounts as you do for forums? Really bad OpSec!

BTW there are 2 threads on this but it looks like this one was first by 7 minutes.

 

[Sam7sf]

Do some of you guys and gals really use the same names and passwords on your financial accounts as you do for forums?

Not this guy but good reminder to the dangers to those that might.

Do you think it’s folks on the left trying to look for doxxing information or thieves? Or something else I don’t understand?

 

[Sam7sf]

Wondering what the implications were of someone knowing my TGT password.

Right? My life has changed in no way. So they see a password. Maybe our pm’s. Our pics. Thread history. Oh no lol.

Unless I’m missing something what reward is there for this? What was anyone hoping to find?

 

[stdreb27]

Lol. Uhho. I use the same password across all my forum accounts.

I hope they don’t say anything stupid...

 

[Southpaw]

Either way it may be time for password changes as a CYA.

That it is.

 

[Byrd666]

Wait. You mean to tell me that "password" or "123456789" are NOT good passwords??

 

[motorcarman]

Does this belong to you?
We detected identity information which may belong to you on the Dark Web, a term used which may also include the deep web or a peer-to-peer file sharing network.

The information found is usually from a “list” that’s being given away, traded or sold. The list could be old, so it’s important to see whether or not the information on it is out of date.

If you recognize information below as belonging to you, change the password associated with the affected website or service immediately. We also recommend setting up 2-factor authentication if available with that website/service. If you see a Social Security Number belonging to you, review credit reports for suspicious activity, watch financial transactions, and make sure LifeLock alert preferences settings are up to date for the account that belongs to you.

• DescriptionThe site texasguntalk.com has been reported in November 2018 to possibly have suffered a data exposure that could include 29208 usernames, emails and passwords
• UsernameExposed Online
• PasswordExposed Online
• Email*a**h*******@yahoo.com

 

[toddnjoyce]

...
Do you think it’s folks on the left trying to look for doxxing information or thieves? Or something else I don’t understand?

Most data breaches are simply for the email, password, and any other stored info. There’s a huge black market for valid email addresses. With enough patchwork, a quilt can be made.

The bigger concern is the strategy TGT employs for storing the password, and I don’t know what that is. That’s a good thing, by the way.

Practice standards for storing user credentials suggest both salting and hashing passwords. Salting should be randomized and unique per credential. Hashing should be incorporate strong cryptography.

Even if we do these things though, all it takes is time and computing power (whether local or distributed) to crack the information.

That info is then added to a rainbow table, which is essentially a dictionary of all the information collected from multiple sources around, say, a username, or an email address.

As a rainbow table gathers more information, it becomes faster to crack salting and hashing algorithms. To combat that, forums can use multi-factor authentication. The challenge with two-factor authentication is that most of it relies on providing a one-time use “key” that is usually sent from the forum server to the user’s registered email or cellphone. But that only aids with ensuring the right user is gaining access to the forum.

What’s interesting is the business models that have developed to facilitate hacking forums, collecting the information, refining the information, packaging, and reselling the info.

 

[AustinN4]

DescriptionThe site texasguntalk.com has been reported in November 2018 to possibly have suffered a data exposure that could include 29208 usernames, emails and passwords

Nice to know that Lifelock gives timely notifications (not).

 

[Brains]

I use garbage passwords (marginally secure and nowhere near the same patterns I use on 'real' sites) on forums, with the assumption they will be compromised at some point.

 

[Brains]

So I'm guessing the site admins aren't aware?