You have been hacked

[Lucky8]

And by consequence, me too. I received a warning about my lame leaked password last weak. No surprise since it is pretty normal to find leaded passwords packets on sale. But this was last week and today a new warning. So either, the password monitor is not working or you need to remove that trojan from the website.

 

[Hachi_Roku256563]

Ive had no problem
possibly you have malware on your system itself

 

[ZenZimZaliben]

Maybe you should have asked - "Anyone else seeing this? No? Okay must be my PC then." LOL. Stop going to untrustworthy sites you might frequent...for reasons.

 

[3x0]

possibly you have malware on your system itself

His password manager alerted him that his email/password that has been used on TPU has been found online, from what I can see.
Meaning, someone hacked the TPU database and our info is up for sale.

 

[Count von Schwalbe]

It is cut off slightly, however it appears that you might be using a password manager extension?

Those don't have a great track record lately (LastPass has been hacked 3 times in the past couple of months).

@W1zzard maintains a pretty tight ship, I doubt the problem is on TPU's side.

 

[Kodehawa]

His password manager alerted him that his email/password that has been used on TPU has been found online, from what I can see.
Meaning, someone hacked the TPU database and our info is up for sale.

Or he reused a password from another place that had a leak. My password here isn't in any places that have password dumps as of today (and it's unique), so I would discard it being a TPU db leak.

 

[ZenZimZaliben]

My guess is there are probably some Trojans in the "Girls" folder.

 

[Solaris17]

No issues here. Looks like you used that USN and pass here, and the password manager is telling you that that combo has been found. Correlation doesn't equal causation.

 

[3x0]

Or he reused a password from another place that had a leak. My password here isn't in any places that have password dumps as of today (and it's unique), so I would discard it being a TPU db leak.

Yup, haven't considered people still re-use passwords across sites...

 

[ThrashZone]

Hi,
Don't use edge and you might not catch malware

 

[Regeneration]

And by consequence, me too. I received a warning about my lame leaked password last weak. No surprise since it is pretty normal to find leaded passwords packets on sale. But this was last week and today a new warning. So either, the password monitor is not working or you need to remove that trojan from the website.

View attachment 285984

Your username (email address) and password combo was probably caught by another site that got hacked.

If TPU was hacked, everyone here would get alerts by their browsers.

I advise against using one password for all websites. Use KeePass and generate password per each website.

 

[R-T-B]

His password manager alerted him that his email/password that has been used on TPU has been found online, from what I can see.
Meaning, someone hacked the TPU database and our info is up for sale.

yeah, no, or my password would be there too and it ain't.

 

[3x0]

yeah, no, or my password would be there too and it ain't.

Yeah, sure, my mistake to assume he doesn't reuse his passwords.

 

[Lucky8]

His password manager alerted him that his email/password that has been used on TPU has been found online, from what I can see.
Meaning, someone hacked the TPU database and our info is up for sale.

You got it. Why people has this ignorant attitude towards a serious business as security. Why people don't know what a password monitor does?
Thank you !

Your username (email address) and password combo was probably caught by another site that got hacked.

If TPU was hacked, everyone here would get alerts by their browsers.

I advise against using one password for all websites. Use KeePass and generate password per each website.

Well actually Edge is pretty safe. Specially in the way it is configured on my workstation . I respect truly your decision to trust KeePass but for me, I don't known who sponsors them. I mean, is not that Microsoft is a saint keeping my password safe for free but at least is only one and usually they better keep the data for them.

Yeah, sure, my mistake to assume he doesn't reuse his passwords.

I don't. They are strongly generated passwords .

Hi,
Don't use edge and you might not catch malware

My system is clean and Edge is virtually isolated

My guess is there are probably some Trojans in the "Girls" folder.

That's my two daughters bookmarks

 

[droid-I]

I have never really been into these automated "password managers", and I can tell you, have quite many pw to keep track of in my mind, so far so good.
Trouble of course if need some entry like once in a year, then the grey cells in the mind will run at higher speed.
(and one thing about TPU forum, when logging in, defaults "to stay logged in", have to tick that off).

 

[nomdeplume]

That's my two daughters bookmarks

I commend your restraint dealing with this very directly and calmly.

 

[Regeneration]

You got it. Why people has this ignorant attitude towards a serious business as security. Why people don't know what a password monitor does?
Thank you !



Well actually Edge is pretty safe. Specially in the way it is configured on my workstation . I respect truly your decision to trust KeePass but for me, I don't known who sponsors them. I mean, is not that Microsoft is a saint keeping my password safe for free but at least is only one and usually they better keep the data for them.



I don't. They are strongly generated passwords .



My system is clean and Edge is virtually isolated



That's my two daughters bookmarks

KeePass is a free open source password manager that is offline and without any internet connectivity.

The passwords are saved in a encrypted database on your computer. You just have to remember one password.

 

[Lucky8]

Well, try a thousand

Sometimes you just need it. I agree tho, I'm not into passwords managers too. I use the built into browser one because it is safer. They got to go trough my MS credentials before being able to reach the rest of the passwords. Of course that's not ideal either but the second option is to trust a 3rd party software that could be hijacked in many ways. So I got what you mean but still , sometimes you just a little help

It is cut off slightly, however it appears that you might be using a password manager extension?

Those don't have a great track record lately (LastPass has been hacked 3 times in the past couple of months).

@W1zzard maintains a pretty tight ship, I doubt the problem is on TPU's side.

Yes. I recall it. That's why I don't trust external apps, sites or extensions. Only using the browser built-in password manager

 

[Regeneration]

Well, try a thousand


View attachment 286013


Sometimes you just need it. I agree tho, I'm not into passwords managers too. I use the built into browser one because it is safer. They got to go trough my MS credentials before being able to reach the rest of the passwords. Of course that's not ideal either but the second option is to trust a 3rd party software that could be hijacked in many ways. So I got what you mean but still , sometimes you just a little help



Yes. I recall it. That's why I don't trust external apps, sites or extensions. Only using the browser built-in password manager

It is more likely to hack the browser's password database than some local 3rd party software that doesn't interact with any network or website.

 

[Lucky8]

It is more likely to hack the browser's password database than some local 3rd party software that doesn't interact with any network or website.

Due to the nature of how it works ( at least in Edge ) , it is harder. It has the same difficulty has retrieving a System credential ( In Windows 11, with lsass protection and a couple of extra layers of security, like virtualization and isolation).
There are ways, into tricking the user to think he just downloaded what he was supposed to. A lot of people feel confident by having a MD5 has match .

Maybe you should have asked - "Anyone else seeing this? No? Okay must be my PC then." LOL. Stop going to untrustworthy sites you might frequent...for reasons.

It is what I do. And someone has to

Ive had no problem
possibly you have malware on your system itself

Hardly but won't be so cocky to tell it is impossible . But it is just improbable .

I commend your restraint dealing with this very directly and calmly.

It is not the first time it has been suggested so I can understand the confusion

 

[tabascosauz]

Due to the nature of how it works ( at least in Edge ) , it is harder. It has the same difficulty has retrieving a System credential ( In Windows 11, with lsass protection and a couple of extra layers of security, like virtualization and isolation).
There are ways, into tricking the user to think he just downloaded what he was supposed to. A lot of people feel confident by having a MD5 has match .

It is what I do. And someone has to

Hardly but won't be so cocky to tell it is impossible . But it is just improbable .

When was the last time you changed your password on here? Good opportunity to make sure you have 2FA setup, while you change your password

Just checked in with Edge, a couple new sites on the list but no notifs about TPU credentials being leaked here. I use a Keepass database, TPU password is generated

Might as well get bossman's attention @W1zzard

 

[oinkypig]

only way to n

When was the last time you changed your password on here? Good opportunity to make sure you have 2FA setup, while you change your password

Happened once. reset old pass. immediately after got same alert from new pass. setup 2 step verification and another new pass. no problem

 

[W1zzard]

Might as well get bossman's attention @W1zzard

Thanks for pinging me. Actually I've seen a downtick in hacked accounts in recent weeks (I get a copy of the "Login from a new location email" that is sent when a login happens for an account more than x km away from previous logins, I wrote the addon).

 

[Dr. Dro]

If it's on any known leaked online database, you will find it on HIBP alongside when and where it originated:

Have I Been Pwned: Check if your email address has been exposed in a data breach

Have I Been Pwned allows you to check whether your email address has been exposed in a data breach.

haveibeenpwned.com

HIBP reports my primary email (and the one I use on TPU) as uncompromised, though I did receive some funny spam the other day (by no means linked to TPU!) raving about how they had been stalking me for weeks and demanded 1.9 BTC or they would leak whatever filth I had been looking at online

I would not worry too much about it, mate. If anything to stay safe, I would run a malware scan and then look at migrating security from Microsoft Edge onto Bitwarden though. It's a lot more flexible, and slightly more secure than having it behind your Microsoft account, IMO.

KeePass and other offline vault solutions are unwieldy and of higher risk of data loss by accident, so I wouldn't recommend them when Bitwarden exists. Still, they might have their uses if your tin foil game is up there

 

[Frick]

Thanks for pinging me. Actually I've seen a downtick in hacked accounts in recent weeks (I get a copy of the "Login from a new location email" that is sent when a login happens for an account more than x km away from previous logins, I wrote the addon).

How does that work these days? At work we don't have a dynamic IP, but the location vary from the actual workplace and a place 1500km away. Same with my mobile phone, it often lists my IP location as Stockholm, even when I'm 1000km north of there.