List of email accounts for which passwords have been made public

Brendan Burgess · #1 15-05-2009, 03:25 PM

Check this list.

Send the link to any of your friends who are on the list and tell them to change their passwords immediately.

Their appearance on the list does not mean that their security has definitely been compromised but there is a risk that it has been compromised and they should check.

see this thread for more information

http://www.askaboutmoney.com/showthread.php?t=112778

Brendan

Latrade · #2 15-05-2009, 03:34 PM

Thanks.

What's interesting is last week using hotmail mobile I would end up accessing a different user's account each time I logged in. I emailed those people to let them know of the problem and a couple of those addresses are listed.

car · #3 15-05-2009, 04:02 PM

a load of those accounts and passwords are real. Is that from the list of the facebook hackers?

NicolaM · #4 15-05-2009, 04:29 PM

Do you have any sensitive information on your emails?
Eg: bank account details, passwords from other sites (eg password confirmations etc)?

If so, you need to get onto your bank asap/change any other passwords.
I'm not sure what else you might need to do.

Nicola

JoeBallantin · #5 15-05-2009, 06:00 PM

Hmmm, this is not straightforward..

For example, one of the poisoned emails is webmaster@myjob.ie ... now I have advertised on that site before.... so someone may have access to my password and login for that site as it may have been sent from the poisoned email.. if so they can list jobs which appear to come from me...

Lauren · #6 15-05-2009, 08:52 PM

Thanks Brendan, an old email address of mine is there....Just made the necessary changes to it..

allthedoyles · #7 15-05-2009, 09:35 PM

When choosing a password always use a combination of letters and numbers and a combination of capital letters and small letters .Also use the spacebar one in between 2 letter passwords .

For example if you choose ' brian cowen ' as your password , you could make it look like this .........Br1an c0waN ( will be encrypted of course )

That is capital B - number 1 -space bar - zero instead of O and capital N at the end .
NEVER click on a link from an email, to an important website where you need to enter a user name and password .

If you use a decent Anti-Virus , you will also have phishing protection . This will indicate that the Web page address and content have been analyzed and found authentic

blacknight · #8 18-05-2009, 09:05 AM

Quote:

Originally Posted by Brendan

Check this list.

Send the link to any of your friends who are on the list and tell them to change their passwords immediately.

see this thread for more information

http://www.askaboutmoney.com/showthread.php?t=112778

Brendan

It's not a list of email account passwords

It's a list of email addresses and passwords for a website eg. Amazon uses email address + password as do thousands of other sites

Stop trying to scare your members

car · #9 18-05-2009, 09:16 AM

Sorry Blacknight, it is a list of emails and passwords.

I tried several gmail and yahoo usernames and passwords and was succesful with login.

jhegarty · #10 18-05-2009, 09:18 AM

Quote:

Originally Posted by car

Sorry Blacknight, it is a list of emails and passwords.

I tried several gmail and yahoo usernames and passwords and was succesful with login.

You are presuming that people use different passwords for their email address and registering with websites.

Lots don't.

Brendan Burgess · #11 18-05-2009, 09:28 AM

I have edited the OP as follows which I think clarifies the matter:

Their appearance on the list does not mean that their security has definitely been compromised but there is a risk that it has been compromised and they should check.

car · #12 18-05-2009, 09:36 AM

Quote:

Originally Posted by jhegarty

You are presuming that people use different passwords for their email address and registering with websites.

Lots don't.

Oh agreed, let me rephrase, I do understand what the list is, I was trying to emphasise that it is a list of emails and it is a list of passwords. Some people use the same login details same for all online accounts be it email/amazon/online shops etc, some dont.

Blacknights post suggesting that

Quote:

It's not a list of email account passwords

seems to me to be presuming that all users dont the same details which isnt true.

Brendan, I wouldnt have posted the list either, I wouldnt place too much blame as you may not have been aware but forum posted emails are gathered by spam robots, probably too late now.

blacknight · #13 18-05-2009, 11:35 AM

Quote:

Originally Posted by Brendan

I have edited the OP as follows which I think clarifies the matter:

Their appearance on the list does not mean that their security has definitely been compromised but there is a risk that it has been compromised and they should check.

That's a lot better, though I still don't agree with my email address being on that list. Please remove it if you haven't done so already

Brendan Burgess · #14 18-05-2009, 11:36 AM

There is a balance of risks here.

There is a risk that a bot will take these email addresses from askaboutmoney and spam them. This is only a risk if they have not already been harvested from the original site.

There is a much more serious risk that some of the people on the list will have their email accounts accessed without their knowing it.

If anyone wants their name removed from this list, send me an email from the account to burgess7ateircomdotnet

Brendan

blacknight · #15 18-05-2009, 11:38 AM

If you put the list on a member only forum you mitigate the issue of bots to some degree, as they won't be able to crawl it

mickeyboymel · #16 18-05-2009, 12:52 PM

It Seems The Website which was hacked has addmitted responsibility: My address was on the list and I have just got this through from them:

Quote:

It has come to our attention recently that one of our servers was hacked. A list of names, email addresses and passwords of our customers appeared on a hacker website on the internet. This account was one of those on the list. The website removed the page but a cached page was still available. Fortunately we do not hold credit card information on our servers, this is held by our credit card processing company. We suspect that this was a graffiti type attack. We have since introduced a more stringent password policy and passwords are now encrypted using the latest techniques. We want to sincerely apologise for any distress this may cause and want to reassure you that we will work hard to make sure this does not happen again. We recommend you login immediately and change your password to reduce the affect of the security breach.

jhegarty · #17 18-05-2009, 01:07 PM

So who was the site ? (so I know never to register with them)

Brendan Burgess · #18 18-05-2009, 01:22 PM

Now that the company involved has emailed its customers, I have removed the list from public view.

Brendan

mickeyboymel · #19 18-05-2009, 02:48 PM

Quote:

Originally Posted by jhegarty

So who was the site ? (so I know never to register with them)

Is it ok to name the company on here?

Smashbox · #20 18-05-2009, 02:52 PM

I'd sure like to know who it was