News Data breaches and password managers discussion

Do you use a dedicated password manager?

  • Yes: 32 votes (50.8%)
  • No: 31 votes (49.2%)
  • Total voters: 63

boAt loses data of 7.5 million customers after being hit with massive data breach

Customer data for over 7.5 million boAt customers has appeared on the dark web. Personally identifiable information (PII)—like name, address, contact number, email ID, customer ID and more—is available for purchase. The threat actor has leaked around 2GB of data on the forum.


A lot of these upstarts don't invest a penny in information security, else there won't be any money for degenerate brand ambassadors and YouTubers.

Edit: This happened a month ago. Other than some tweets and news articles, they have successfully swept this under the rug.
 
For obvious reasons I will not be sharing scam links, if you're so inclined google will help you find them.
[Attached image: fake steam vs real steam.png]

Fairly obvious spelling mistake. Fake sites rarely have the correct address.
 
Fairly obvious spelling mistake. Fake sites rarely have the correct address.
If a fake site URL were spelt correctly, it would take you to the legit site... unless your DNS itself was compromised, in which case even if the correct URL is typed, the site itself might be fake.
 

Cooler Master hit by data breach exposing customer information

Computer hardware manufacturer Cooler Master has suffered a data breach after a threat actor breached the company's website and claimed to steal the Fanzone member information of 500,000 customers.

 
btw folks using bitwarden, just how much do yall trust it? like is it to the level of using it for Bank passwords etc? or is it just like use it for everything but for extremely critical stuff?

I have been thinking of getting their premium plan since it's cheap enough and migrate my passwords there
 
btw folks using bitwarden, just how much do yall trust it? like is it to the level of using it for Bank passwords etc? or is it just like use it for everything but for extremely critical stuff?

I have been thinking of getting their premium plan since it's cheap enough and migrate my passwords there
Trust nothing but your gut feeling. Many use bitwarden, lastpass and others for storing everything but the moment you hear about leak dumps and data breaches, just change the passwords asap.
 
btw folks using bitwarden, just how much do yall trust it? like is it to the level of using it for Bank passwords etc? or is it just like use it for everything but for extremely critical stuff?

I have been thinking of getting their premium plan since it's cheap enough and migrate my passwords there
No problems with that. It has proven to be extremely reliable.
Trust nothing but your gut feeling. Many use bitwarden, lastpass and others for storing everything but the moment you hear about leak dumps and data breaches, just change the passwords asap.
Banks force you to change your passwords, at least SBI does once every three months or so.
 
like is it to the level of using it for Bank passwords etc?
If you believe in the value of their OSS projects and its quality, I don’t see why you need to doubt here.

I would use it if it weren’t for getting hooked to 1Password couple years back. Though, they have become increasingly worse in terms of quality so I might just move to Proton Pass or Bitwarden depending on how the experience is. But at least, no major security incidents which is giving me some relief so I hope they are at least focused on that front.

And yes I do store all my passwords in there, including banks and other personal info.
 
How are you paying for bitwarden? CC gets declined because they want a subscription payment
I’m not, I’m paying for 1Password. Same issue happens when renewing yearly. I get a one-time payment link via their support. Maybe try that if you’re unable to purchase directly.

I used IDFC First WOW CC which is super reliable and is yet to fail me in any international txn scenario. Doesn’t yell at me (for better or worse).
 
btw folks using bitwarden, just how much do yall trust it? like is it to the level of using it for Bank passwords etc? or is it just like use it for everything but for extremely critical stuff?

I have been thinking of getting their premium plan since it's cheap enough and migrate my passwords there
There's keepassxc, it's less user friendly but more secure and you'll be in complete control. Also you've to self host and use something like syncthing to sync across your devices.
 
I used KeePassXC. It works great but is a bit of configuration. My configuration was ChaCha20 with Argon2id. Then crank up the iterations, memory and parallelism based on how paranoid you are. I won't say it's foolproof, but the chances of someone hacking your password database would be more of user fault instead of the software getting breached. If you are paranoid you can really crank up the settings of the database. Everything in the software has a whitepaper on cryptography. It's a real geek's tool, which is why it's probably not suited for most users. Also, if you forget your master password you will be locked out.

For regular usage Bitwarden would be much easier. The free version has all features including sync, which is what most services charge for. Using the built-in authenticator which comes with premium just means you are putting more eggs in the same basket. YubiKey 2FA, which is available in premium, is great, but again if you have a YubiKey then there is no need to explain security. Normal 2FA like authenticator apps and FIDO2 work for the free version, so that's an added layer of security.
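
To check which of the settings mentioned in the post above a database really uses, the cipher and Argon2 parameters can be read from the unencrypted outer header of a KDBX 4 file. This is an added example, not part of the original thread and not KeePassXC's own code; the field ids, UUID constants and dictionary layout follow the KDBX 4 format, and `build_sample()` returns a constructed header, not a real database.

```python
import struct
# Raw 16-byte identifiers (hex) defined by the KDBX 4 format
CIPHERS = {"d6038a2b8b6f4cb5a524339a31dbb59a": "ChaCha20",
           "31c1f2e6bf714350be5805216afc5aff": "AES-256"}
KDFS = {"9e298b1956db4773b23dfc3ec6f0a1e6": "Argon2id",
        "ef636ddf8c29444b91f7a9a403e30a0c": "Argon2d"}
INT_TYPES = {0x04: "<I", 0x05: "<Q"}  # VariantDictionary UInt32 / UInt64

def parse_variant_dict(buf):
    """Decode a KDBX 4 VariantDictionary into {name: int or bytes}."""
    out, pos = {}, 2                       # skip the 2-byte dictionary version
    while buf[pos] != 0:                   # a zero type byte ends the dictionary
        vtype = buf[pos]
        klen, = struct.unpack_from("<I", buf, pos + 1)
        key = buf[pos + 5:pos + 5 + klen].decode()
        vlen, = struct.unpack_from("<I", buf, pos + 5 + klen)
        raw = buf[pos + 9 + klen:pos + 9 + klen + vlen]
        out[key] = struct.unpack(INT_TYPES[vtype], raw)[0] if vtype in INT_TYPES else raw
        pos += 9 + klen + vlen
    return out

def read_kdbx4_settings(data):
    """Return cipher, KDF and Argon2 cost parameters from a KDBX 4 outer header."""
    sig1, sig2, version = struct.unpack_from("<III", data, 0)
    if (sig1, sig2) != (0x9AA2D903, 0xB54BFB67) or version >> 16 != 4:
        raise ValueError("not a KDBX 4 file")
    fields, pos = {}, 12
    while 0 not in fields:                 # field: 1-byte id, 4-byte LE length, data; id 0 ends
        fid, flen = struct.unpack_from("<BI", data, pos)
        fields[fid] = data[pos + 5:pos + 5 + flen]
        pos += 5 + flen
    kdf = parse_variant_dict(fields[11])   # field 11 = KdfParameters, field 2 = CipherID
    return {"cipher": CIPHERS.get(fields[2].hex(), "unknown"),
            "kdf": KDFS.get(kdf["$UUID"].hex(), "unknown"),
            "iterations": kdf.get("I"), "memory_mib": kdf.get("M", 0) // 2**20,
            "parallelism": kdf.get("P")}

def build_sample():
    """Constructed header (not a real database): ChaCha20, Argon2id, 20 passes, 256 MiB, 4 lanes."""
    lp = lambda b: struct.pack("<I", len(b)) + b           # 4-byte LE length prefix
    kdf = (b"\x00\x01" + b"\x42" + lp(b"$UUID") + lp(bytes.fromhex("9e298b1956db4773b23dfc3ec6f0a1e6"))
           + b"\x05" + lp(b"I") + lp(struct.pack("<Q", 20))
           + b"\x05" + lp(b"M") + lp(struct.pack("<Q", 256 * 2**20))
           + b"\x04" + lp(b"P") + lp(struct.pack("<I", 4)) + b"\x00")
    return (struct.pack("<III", 0x9AA2D903, 0xB54BFB67, 0x00040001)
            + b"\x02" + lp(bytes.fromhex("d6038a2b8b6f4cb5a524339a31dbb59a"))
            + b"\x0b" + lp(kdf) + b"\x00" + lp(b"\r\n\r\n"))

if __name__ == "__main__": print(read_kdbx4_settings(build_sample()))
```

On a real database, pass the first few kilobytes of the `.kdbx` file to `read_kdbx4_settings()`; the header is stored in the clear, so no master password is needed to read it.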