Has there been a data breach on KVR (I get a message advising a password change) ?

Any problems with the site? How can we improve KVR?
RELATED
PRODUCTS

Post

I went to KVR this morning and my Chrome browser pops up a window that says there's been a data breach on KVR and I should change my password here.

Anyone else had that?
Reaper (win), i7-7700k, 16GB

Post

Not me :shrug:
Got any suspicious plugins in Chrome that could have made this report?
We are the KVR collective. Resistance is futile. You will be assimilated. Image
My MusicCalc is served over https!!

Post

Did you check the e-mail address it came from?
My solo projects:
Hekkräiser (experimental) | MFG38 (electronic/soundtrack) | The Santtu Pesonen Project (metal/prog)

Post

AsPeeXXXVIII wrote: Wed Dec 18, 2019 4:29 pm Did you check the e-mail address it came from?
It was a pop-up when I visited KVR.
But it didn't happen for a couple of days.
I do have Click&Clean Chrome browser extension installed. Its a security thing:
https://chrome.google.com/webstore/deta ... mamedcbeod
Reaper (win), i7-7700k, 16GB

Post

ftr it could just be a thing they do, I mean it's good advice no? However, if they know the age of your passwords? Not good. This is the first time this issue came up that I can recall.

With that said I think it might get a little more proper attention in the site stuff forum but I'll leave a shadow here :)
The highest form of knowledge is empathy, for it requires us to suspend our egos and live in another's world. It requires profound, purpose‐larger‐than‐the‐self kind of understanding.

Post

Here's the message I get, just got it now.
Image
Reaper (win), i7-7700k, 16GB

Post

Is it this?

https://www.wired.com/story/chrome-79-password-check/
All of these Password Checkup features work for people who have their username and password combos saved in Chrome and have them synced to Google's servers. Google figures that since it has a big (encrypted) database of all your passwords, it might as well compare them against a 4-billion-strong public list of compromised usernames and passwords that have been exposed in innumerable security breaches over the years. Any time Google hits a match, it notifies you that a specific set of credentials is public and unsafe and that you should probably change the password.
It presumably means that the password you use has been used on a site that has been compromised. It may have been you reusing a password, or someone else using the same password. Either way, that suggests that your password in and of itself may not be a good one. It doesn't mean that KVR has been breached, just that a site out there was breached where someone was using the same password.

(Though I only skim read the article, the way these things work is that your hashed password is compared to the hash of a known (leaked) password; so I'm guessing that's whats going on here.)
Last edited by sjm on Wed Dec 18, 2019 10:46 pm, edited 1 time in total.

Post

sjm wrote: Wed Dec 18, 2019 10:40 pm It presumably means that the password you use has been used on a site that has been compromised. It may have been you reusing a password, or someone else using the same password. Either way, that suggests that your password in and of itself may not be a good one. It doesn't mean that KVR has been breached, just that a site out there was breached where someone was using the same password.
Ok, makes sense, I do use the same login and password on a few sites.
Reaper (win), i7-7700k, 16GB

Post

MasterTuner wrote: Wed Dec 18, 2019 10:45 pm Ok, makes sense, I do use the same login and password on a few sites.
That's a bad habit. I strongly suggest using a password manager and randomly generated passwords that are different for each site.

Post

Reefius wrote: Thu Dec 19, 2019 3:54 pm
MasterTuner wrote: Wed Dec 18, 2019 10:45 pm Ok, makes sense, I do use the same login and password on a few sites.
That's a bad habit. I strongly suggest using a password manager and randomly generated passwords that are different for each site.
I just have the same passwords on forum sites basically and ones that "don't matter" that much. For my bank and financial stuff my passwords are unique and very complex.
Reaper (win), i7-7700k, 16GB

Post

MasterTuner wrote: Thu Dec 19, 2019 4:19 pm my passwords are unique and very complex.
all lower case? Asking for a friend :hihi: :clown: :oops:
The highest form of knowledge is empathy, for it requires us to suspend our egos and live in another's world. It requires profound, purpose‐larger‐than‐the‐self kind of understanding.

Post

Hink wrote: Thu Dec 19, 2019 6:42 pm
MasterTuner wrote: Thu Dec 19, 2019 4:19 pm my passwords are unique and very complex.
all lower case? Asking for a friend :hihi: :clown: :oops:
"p455w0rd5".

Post

that's not unique nor very complex :P
The highest form of knowledge is empathy, for it requires us to suspend our egos and live in another's world. It requires profound, purpose‐larger‐than‐the‐self kind of understanding.

Post

vurt wrote: Thu Dec 19, 2019 7:23 pm
Hink wrote: Thu Dec 19, 2019 6:42 pm
MasterTuner wrote: Thu Dec 19, 2019 4:19 pm my passwords are unique and very complex.
all lower case? Asking for a friend :hihi: :clown: :oops:
"p455w0rd5".
reported!

Post

Hink wrote: Thu Dec 19, 2019 7:37 pm that's not unique nor very complex :P
i figured he was bluffing :shrug:

Post Reply

Return to “Site Stuff”