• Patreon compromise much worse than first initially feared, Troy Hunt (MS MVP and creator of Have I B
[url]http://www.theregister.co.uk/2015/10/02/patreon_attackers_drop_data_expose_users/[/url]
[quote=The Register]The attackers that compromised Patreon have dumped the data on various bin sites. It's perhaps a small irony that one of the dumps has landed on Mega, the Kim Dotcom-founded file-store that calls itself “The Privacy Company” (note: Dotcom is no longer involved with the business and says people should avoid it*). Microsoft security bod Troy Hunt has promised an analysis of the data, but warns it's a big dump that might take some time. His short take on Twitter is that the dumps look like the real thing.[/quote]
His tweets in chronological order of findings:
[url]https://twitter.com/troyhunt/status/649738915058847745[/url]
[url]https://twitter.com/troyhunt/status/649761852101029889[/url]
[url]https://twitter.com/troyhunt/status/649767002781847552[/url]
[url]https://twitter.com/troyhunt/status/649775464412676096[/url]
[url]https://twitter.com/troyhunt/status/649777925206573056[/url]
[url]https://twitter.com/troyhunt/status/649778579102830592[/url]
[url]https://twitter.com/troyhunt/status/649778917616685057[/url]
[url]https://twitter.com/troyhunt/status/649779576755716096[/url]
[url]https://twitter.com/troyhunt/status/649783570467176448[/url]
Sad days for Patreon.
so would they have my password? i assume my paypal would be safe
[QUOTE=Ninja Gnome;48806955]so would they have my password? i assume my paypal would be safe[/QUOTE]
[QUOTE]There was unauthorized access to registered names, email addresses, posts, and some shipping addresses. Additionally, some billing addresses that were added prior to 2014 were also accessed. We do not store full credit card numbers on our servers and no credit card numbers were compromised. Although accessed, all passwords, social security numbers and tax form information remain safely encrypted with a 2048-bit RSA key. No specific action is required of our users, but as a precaution I recommend that all users update their passwords on Patreon.[/QUOTE]
[URL="https://www.patreon.com/posts/important-notice-3457485"]https://www.patreon.com/posts/important-notice-3457485[/URL]
They say it's protected by an encryption.
Whatever the case is, change your password. Doesn't matter if they 'claim' to have a hyper-secure anything that is based off of a quadruple encrypted 50 billion digit high ascii code that randomizes every microsecond. Best to change your password no matter how serious a leak is.
[QUOTE=J!NX;48806984]Whatever the case is, change your password. I don't care if they have a hyper-secure anything that is based off of a quadruple encrypted 345634 digit high ascii code that randomizes every millisecond. Best to change your password no matter how serious a leak is.[/QUOTE]
It's always a good idea to change passwords at least for every 3 months, regardless if it's protected by an encryption or not.
[QUOTE=Rob3k;48807006]It's always a good idea to change passwords at least for every 3 months, regardless if it's protected by an encryption or not.[/QUOTE]
pretty much yeah, if you hear about a leak, you can use it as an excuse to change your password
[QUOTE=Rob3k;48807006]It's always a good idea to change passwords at least for every 3 months, regardless if it's protected by an encryption or not.[/QUOTE]
For your master password and any passwords that are used multiple times, yes. But for one time website specific ones, absolutely no reason; only change it when it needs to be such as here.
This actually makes me feel good that I started using a password manager with large unique passwords for every website I got an account for.
[QUOTE=kaukassus;48807661]This actually makes me feel good that I started using a password manager with large unique passwords for every website I got an account for.[/QUOTE]
You use a program for this? Or write them down
[QUOTE=EvilMattress;48807685]You use a program for this? Or write them down[/QUOTE]
[QUOTE=kaukassus;48807661]This actually makes me feel good that I started using a [B]password manager[/B] with large unique passwords for every website I got an account for.[/QUOTE]
Implied program, probably KeePass or LastPass.
[QUOTE=glitchvid;48807702]Implied program, probably KeePass or LastPass.[/QUOTE]
Neat, might look into it. I've made a bad habit of using the same password for most of my non-banking related stuff.
[QUOTE=glitchvid;48807702]Implied program, probably KeePass or LastPass.[/QUOTE]
KeePass it is for me. Great piece of software. LastPass is pretty good too, but lacks certain functionalities I need (Attach Files to Login entry, able to add logins for things other than websites, etc...). Also I like to have PW storage local/offline if possible.