Bad news for all. Reminder that everybody needs to use dedicated password managers these days. **This dump is now infamously known as “the Naz.api stuffing list.”**
Deep dive:
YCombinator Discussion:
Enter your E-Mail ID here to check if you’re part of the leak:
Are you a Hathway consumer? There is yet-another-bad-news for you. In December 2023, hundreds of gigabytes of data allegedly taken from Indian ISP and digital TV provider Hathway appeared on a popular hacking website.
Relevant Reading:
Enter your E-Mail ID here to check if you’re part of the leak:
If I am not mistaken, wasn’t a popular password manager hacked a few months back? I don’t remember the exact name, but it wasn’t 1pass that my company uses (that’s how I remember). Secondly, how trustworthy are these checking websites if unknowingly we are providing more information to them by checking our emails?
Why does anyone need a pw manager?
Sorry, it could be just me, but I fail to understand the need for a pw manager when it can be just a simple logical pattern.
My shortest password length would be 15 chars, unique for each site. No repetition on any site, and none of them contains dictionary words.
Based on my pattern, I make my password and check its strength here
My weakest password would need a minimum of “1 billion years” to crack according to this calculation.
Edit - here is one of my real passwords - Jib@ntoM@nush1958 - if one detects the pattern, he understands which services it is related to, and it’s too easy for me to change the password in the same pattern; let’s say every 6 months, I would never run out of options.
So please remind me again why everyone on this earth needs a password manager?
— About data breach –
Nothing beats the CoWIN & Aadhaar data breach.
Aadhaar data breach is like software upgrade cycle -
Another advantage is if you have an autofill plugin in your browser, it’s very easy to detect fake phishing sites. The plugin will autofill only on the real domain. There was this fake steam site that even I couldn’t tell was fake, but when the autofill wouldn’t work, I got wise.
How many of your unique passwords would you remember all the time? I have nearly 500 unique entries in my password manager as of now and there is no way I was going to remember them unless I created a pattern.
The moment you start repeating, a single leak opens up a portal to multiple sites. If uniqueness is based only on symbols or characters, that is easy to cycle through.
As someone else mentioned, cross-platform auto-fill with site verification is a positive as is leak detection. Also, easy login makes it easier to not have cookies stored for most sites, reducing tracking.
Maybe passkeys will be the bigger step forward for most users.
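The origin check that makes autofill refuse a lookalike page, as described in the two posts above, can be sketched as follows. This is an added example and not part of the thread or any password manager's code; the vault entry, the `allowSubdomains` flag and all URLs are constructed for illustration.

```javascript
// Added example: constructed vault entry and URLs, not a real manager's code.
const vault = [
  { origin: "https://store.example", username: "alice", allowSubdomains: true },
];

// Return the vault entry that may be autofilled on pageUrl, or null.
function matchEntry(pageUrl, entries) {
  let page;
  try {
    page = new URL(pageUrl); // lowercases the host, converts IDN to punycode
  } catch (err) {
    return null; // unparseable URL: never fill
  }
  if (page.protocol !== "https:") return null; // never fill over plaintext
  for (const entry of entries) {
    const saved = new URL(entry.origin);
    if (page.port !== saved.port) continue;
    const exact = page.hostname === saved.hostname;
    // A subdomain match needs a dot boundary, so "evilstore.example" fails.
    const sub = entry.allowSubdomains &&
      page.hostname.endsWith("." + saved.hostname);
    if (exact || sub) return entry;
  }
  return null;
}

// Constructed test pages: the real site, a subdomain, and lookalikes.
const samples = [
  "https://store.example/login",
  "https://login.store.example/",
  "https://STORE.example/login",
  "https://store.example.account-verify.test/login",
  "https://st0re.example/login",
  "https://evilstore.example/",
  "http://store.example/login",
];

function decisions(urls) {
  return urls.map((u) => (matchEntry(u, vault) ? "fill" : "refuse"));
}

samples.forEach((u, i) => console.log(decisions(samples)[i].padEnd(7), u));
```

A page that looks identical to the eye still gets "refuse" because the comparison is on the parsed hostname, not on what is rendered.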
What are y’all’s recommendations for password managers? I am pretty iffy after the LastPass breach and self-hosting is too expensive. I have just enabled MFA and have linked it to a Gmail ID which in turn needs 2FA to be accessible, and the password for that is around 15-20 characters even if they are duct words combined.
Any advice for this approach?
If you’re using Gmail or have an Android, you should be using Chrome’s auto fill to save your passwords. The advantage of this is:
- your passwords are sync’d across your devices, including Chrome on PC
- GBoard on Android will let you auto fill the credentials on any app
- added bonus is whenever a new sign in is detected on your account, your device will show you a notification
You end up using longer, random, patternless passwords for everything. And if there’s ever a Gmail leak, you’re gonna lose all your other accounts linked to it anyway.
Another non-Google option is using something like KeePass.
- On PC you use an app + browser plugin
- On Android you use a dedicated keyboard app which can auto type credentials directly to any app
- You can customize the character set and length for password auto generation. Some sites don’t allow certain symbols, so it’s easy to remove them from the set
- You can save other relevant data/notes apart from username & password

The issue here is the encrypted database file needs to be sync’d between PC & phone manually. You could put it on your GDrive, or set up an FTP on your home network to have auto sync. The obvious advantage is you are in full control of your database + decryption key, so leaks are less likely/targeted than cloud based services.
website. I found out one of my accounts was leaked in Dubsmash leak which happened in 2018. Thank goodness I have been using Bitwarden for a long time and changed all of my passwords.
Btw, I highly recommend Bitwarden as PW manager, it’s open source and comes with a lot of useful features.
[HEADING=2]boAt loses data of 7.5 million customers after being Hit with massive data breach[/HEADING]
Customer data for over 7.5 million boAt customers has appeared on the dark web. Personally identifiable information (PII)—like name, address, contact number, email ID, customer ID and more—is available for purchase. The threat actor has leaked around 2GB of data on the forum.