this post was submitted on 09 Nov 2025
507 points (96.7% liked)

Technology

76774 readers
3036 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
507
God ****** dammit, here we go again (lemmy.world)
submitted 3 days ago by Kyrgizion@lemmy.world to c/technology@lemmy.world
170 comments fedilink hide all child comments
 

Use the "passwords" feature to check if one of yours is compromised. If it shows up, never ever reuse those credentials. They'll be baked into thousands of botnets etc. and be forevermore part of automated break-in attempts until one randomly succeeds.

you are viewing a single comment's thread
view the rest of the comments
[–] Joeffect@lemmy.world 21 points 3 days ago (2 children)

Don't download shit from random websites... make sure its from legit places...

[–] tburkhol@lemmy.world 7 points 3 days ago (3 children)

legit places…

My university, 23andMe, Transunion, Equifax, CapitalOne, United Healthcare...

[–] AbidanYre@lemmy.world 11 points 3 days ago

You shouldn't download KeePass from any of those.

[–] Joeffect@lemmy.world 8 points 3 days ago

Legit means the keepass website... those are not legit places to download the password manager

[–] Blackfeathr@lemmy.world 4 points 3 days ago

Yeah UHC sold my data as soon as I was put under their coverage. Now I get so many phishing emails pretending to be from UHC.

[–] Kyrgizion@lemmy.world 4 points 3 days ago (2 children)

These kinds of breaches are at the site level. Not much you can do as a regular user if the company doesn't hash or salt their passwords, for example.

[–] Pika@sh.itjust.works 9 points 3 days ago* (last edited 3 days ago)

I believe they are replying to the article you posted in regards to the download from legit sites comment, not the fact that the sites have shit web practices (which while correct is a different thing).

To the people who didn't read the article posted in the comment prior, basically the software installed wasn't the legitimate software, it was a modified software that was a trojan that was forwarding passwords stored in the keepass database to a home server.

That's not something that the sites are going wrong, nor is it the password managers fault. That's fully the users fault for downloading a trojan.

[–] Joeffect@lemmy.world 4 points 3 days ago

Not from what the article says

involves compromised download links and trojanized versions of the legitimate KeePass application that appear identical to the authentic software on the surface, while harboring dangerous capabilities beneath.