Has there been a data breach on KVR (I get a message advising a password change) ?
- KVRist
- Topic Starter
- 477 posts since 30 May, 2018
I went to KVR this morning and my Chrome browser pops up a window that says there's been a data breach on KVR and I should change my password here.
Anyone else had that?
Anyone else had that?
Reaper (win), i7-7700k, 16GB
- KVRAF
- 15206 posts since 8 Mar, 2005 from Utrecht, Holland
Not me
Got any suspicious plugins in Chrome that could have made this report?
Got any suspicious plugins in Chrome that could have made this report?
We are the KVR collective. Resistance is futile. You will be assimilated.
My MusicCalc is served over https!!
My MusicCalc is served over https!!
- KVRian
- 643 posts since 17 Aug, 2015 from Finland
Did you check the e-mail address it came from?
My solo projects:
Hekkräiser (experimental) | MFG38 (electronic/soundtrack) | The Santtu Pesonen Project (metal/prog)
Hekkräiser (experimental) | MFG38 (electronic/soundtrack) | The Santtu Pesonen Project (metal/prog)
- KVRist
- Topic Starter
- 477 posts since 30 May, 2018
It was a pop-up when I visited KVR.
But it didn't happen for a couple of days.
I do have Click&Clean Chrome browser extension installed. Its a security thing:
https://chrome.google.com/webstore/deta ... mamedcbeod
Reaper (win), i7-7700k, 16GB
- Rad Grandad
- 38044 posts since 6 Sep, 2003 from Downeast Maine
ftr it could just be a thing they do, I mean it's good advice no? However, if they know the age of your passwords? Not good. This is the first time this issue came up that I can recall.
With that said I think it might get a little more proper attention in the site stuff forum but I'll leave a shadow here
With that said I think it might get a little more proper attention in the site stuff forum but I'll leave a shadow here
The highest form of knowledge is empathy, for it requires us to suspend our egos and live in another's world. It requires profound, purpose‐larger‐than‐the‐self kind of understanding.
- KVRist
- Topic Starter
- 477 posts since 30 May, 2018
Here's the message I get, just got it now.
Reaper (win), i7-7700k, 16GB
-
- KVRAF
- 2362 posts since 17 Apr, 2004
Is it this?
https://www.wired.com/story/chrome-79-password-check/
(Though I only skim read the article, the way these things work is that your hashed password is compared to the hash of a known (leaked) password; so I'm guessing that's whats going on here.)
https://www.wired.com/story/chrome-79-password-check/
It presumably means that the password you use has been used on a site that has been compromised. It may have been you reusing a password, or someone else using the same password. Either way, that suggests that your password in and of itself may not be a good one. It doesn't mean that KVR has been breached, just that a site out there was breached where someone was using the same password.All of these Password Checkup features work for people who have their username and password combos saved in Chrome and have them synced to Google's servers. Google figures that since it has a big (encrypted) database of all your passwords, it might as well compare them against a 4-billion-strong public list of compromised usernames and passwords that have been exposed in innumerable security breaches over the years. Any time Google hits a match, it notifies you that a specific set of credentials is public and unsafe and that you should probably change the password.
(Though I only skim read the article, the way these things work is that your hashed password is compared to the hash of a known (leaked) password; so I'm guessing that's whats going on here.)
Last edited by sjm on Wed Dec 18, 2019 10:46 pm, edited 1 time in total.
Voted KVR's resident drunk Robert Smith impersonator (thanks Frantz!)
https://open.spotify.com/artist/2myYesRBRgQB3LkZzEYdt5 | https://soundcloud.com/steevm/
https://open.spotify.com/artist/2myYesRBRgQB3LkZzEYdt5 | https://soundcloud.com/steevm/
- KVRist
- Topic Starter
- 477 posts since 30 May, 2018
Ok, makes sense, I do use the same login and password on a few sites.sjm wrote: ↑Wed Dec 18, 2019 10:40 pm It presumably means that the password you use has been used on a site that has been compromised. It may have been you reusing a password, or someone else using the same password. Either way, that suggests that your password in and of itself may not be a good one. It doesn't mean that KVR has been breached, just that a site out there was breached where someone was using the same password.
Reaper (win), i7-7700k, 16GB
-
- KVRian
- 1286 posts since 7 Dec, 2013 from Earth
That's a bad habit. I strongly suggest using a password manager and randomly generated passwords that are different for each site.MasterTuner wrote: ↑Wed Dec 18, 2019 10:45 pm Ok, makes sense, I do use the same login and password on a few sites.
- KVRist
- Topic Starter
- 477 posts since 30 May, 2018
I just have the same passwords on forum sites basically and ones that "don't matter" that much. For my bank and financial stuff my passwords are unique and very complex.Reefius wrote: ↑Thu Dec 19, 2019 3:54 pmThat's a bad habit. I strongly suggest using a password manager and randomly generated passwords that are different for each site.MasterTuner wrote: ↑Wed Dec 18, 2019 10:45 pm Ok, makes sense, I do use the same login and password on a few sites.
Reaper (win), i7-7700k, 16GB
- Rad Grandad
- 38044 posts since 6 Sep, 2003 from Downeast Maine
all lower case? Asking for a friend
The highest form of knowledge is empathy, for it requires us to suspend our egos and live in another's world. It requires profound, purpose‐larger‐than‐the‐self kind of understanding.
- Rad Grandad
- 38044 posts since 6 Sep, 2003 from Downeast Maine
that's not unique nor very complex
The highest form of knowledge is empathy, for it requires us to suspend our egos and live in another's world. It requires profound, purpose‐larger‐than‐the‐self kind of understanding.
-
- KVRAF
- 1530 posts since 13 Dec, 2016