54
I don't know what to do with this information (lemmy.world)
submitted 5 days ago by TheTwelveYearOld@lemmy.world to c/privacy@lemmy.ml
42 comments fedilink hide all child comments
top 42 comments
sorted by: hot top controversial new old
[-] Wolfie@lemm.ee 1 points 1 day ago

Stealer logs is pretty bad. Very bad to be fair. It means your computer is infected and have stolen all your saved passwords.

Reinstall your operating system completely. Take note of your accounts and change all their passwords. Start with your email address as its the most important one.

[-] drspod@lemmy.ml 55 points 5 days ago

This breach is worse than just a website's database being leaked. These are info-stealer malware logs. Meaning that you had malware on one of your devices that recorded you typing your credentials into websites and then the logs of that malware were publicly leaked.

Before changing all of your passwords (and setting up a password manager if you don't already use one) you need to identify which of your devices was compromised and wipe it.

If you change all your passwords from the compromised device then the malware will just record all of your new passwords.

[-] MrPoopbutt@lemmy.world 12 points 4 days ago

How would one identify which device was compromised?

[-] tetris11@lemmy.ml 11 points 3 days ago

Turn off your computer and make sure it powers down. Toss it in a 43-foot hole in the ground. Bury it completely rocks and boulders should be fine. Then burn any clothes you may have worn any time you were onliiiine

[-] EntirelyUnlovable@lemmy.world 9 points 3 days ago

Wait a sec my grandmother is calling me about some pictures I apparently sent her

[-] Jollyllama@lemmy.world 6 points 3 days ago

Instructions unclear, I don't speak Swahili

[-] Sebo@lemmy.one 2 points 3 days ago

That advice is a bit too weird;)

[-] stinky@redlemmy.com 17 points 4 days ago

Assume all of them are infected.

[-] Cycle0861@lemmy.world 4 points 4 days ago

Which password manager is good? I use Bitwarden but it would take forever to change all my passwords inside of it

[-] arthur@lemmy.zip 9 points 4 days ago

Bitwarden have a good balance of security, price and convenience. If you want more control and less convenience, KeePass.

[-] fine_sandy_bottom@discuss.tchncs.de 5 points 3 days ago* (last edited 3 days ago)

Keepassxc

The best IMO because it's just a client you install on a device which reads an encrypted data file you can sync how you like.

This way it's not a hoard like lastpass or bitwarden.

[-] arthur@lemmy.zip 1 points 3 days ago

And keepass2Android

[-] Cethin@lemmy.zip 2 points 3 days ago

Personally, I use KeePassDX for my android client, but either works. I use Syncthing to sync changes between devices, though I think the android version of that stopped being supported a few months back, but it still works fine for now.

[-] med@sh.itjust.works 1 points 3 days ago

I am doing the same, all I need is keepassdx to support passkeys now

[-] thegreatgarbo@lemmy.world 1 points 4 days ago

Any thoughts on 1Password?

[-] arthur@lemmy.zip 2 points 3 days ago

Last time I used it was very convenient, but the price was too high for me. Besides that, I bought 1pass when was possible to buy once and have it forever, since then, they made increasingly harder to access it if you bought instead of use as a paid service. That's why I made the change to KeePass. The only thing that 1pass offers that could justify their business model as a service is sync on multiple devices, and bitwarden does that as well. KeePass don't, but you can make it happen with free Dropbox for example.

[-] italics2@lemmy.world 1 points 3 days ago

I had an internship a couple years back at a web development startup that used it. Seemed to work just fine.

[-] AtariDump@lemmy.world 2 points 4 days ago

Bitwarden.

[-] kekmacska@lemmy.zip 4 points 3 days ago

There was a steam breach too, i changed my email and password for steam as well

[-] italics2@lemmy.world 4 points 3 days ago

Can you provide your source (no pun intended)?

[-] kekmacska@lemmy.zip 1 points 2 days ago* (last edited 2 days ago)
[-] italics2@lemmy.world 1 points 6 hours ago

That would mean you have a virus on your PC not that Steam DB has been breached, right?

[-] BlackEco@lemmy.blackeco.com 6 points 5 days ago

For those wondering what this is Troy Hunter (HIBP founder) wrote an article on this new feature.

[-] beefbot@lemmy.blahaj.zone 4 points 4 days ago

That’s a great pseudonym, if it is one. Troy Hunter, i.e. hunter of trojans. Fantastic

[-] countrypunk@slrpnk.net 6 points 5 days ago* (last edited 5 days ago)

Assuming this email is legit, the best thing that you can do is change as many of your passwords as possible to be unique and complex. You may also want to consider deleting old email addresses and getting new ones. Alternatively you can separate your emails addresses by having one for signing up for spammy services, one for personal stuff, one for work/school, etc. Try not to have much overlap between them all.

Edit: I also highly recommended using a temporary email for signing up for stuff whenever possible. I always use this one , but there are plenty of others too.

[-] foremanguy92_@lemmy.ml 2 points 5 days ago

I kinda like https://yopmail.com/ as it's much more customizable

[-] nossaquesapao@lemmy.eco.br 2 points 5 days ago

I like grr.la because I can sign in into the services with any random name @grr.la before opening the temporarily mail site, and sometimes I find out that it wasn't required to confirm the mail, saving some time

[-] amzd@lemmy.world -2 points 4 days ago

I also highly recommended using a temporary email for signing up for stuff whenever possible.

This is the worst security advice I have ever heard. Now someone doesn’t even need to get your password, just your email and they can just use the temporary email provider to reset your password?

[-] domdanial@reddthat.com 4 points 4 days ago

For services that are throwaway, this is fine. I don't care if someone gains access to my ice cream rewards account, they don't have anything else important. And I believe these services only last 10 minutes, meaning you can't password reset them because the inbox doesn't exist.

[-] helpImTrappedOnline@lemmy.world 5 points 5 days ago

Password manager, and use different randomly generated passwords.

The real danger is having the same password everywhere.

Also pay attention to where you save your payment info.

Everything I do online is through Privacy.com, with limits for each vendor. My amazon gets hacked? Most I'm out is $100, steam gets hacked, there goes $60. A subscription tries to double charge, lol no. Free trial wants to auto-bill me after 7 days, its not happening. Funneling everything through them isn't 100%, but at least they're not paypal, I get notified when ever even a 1 cent charge happens and I'm not leaving my bank card on a dozen random sites I'll eventually loose track of.

[-] stinky@redlemmy.com 3 points 4 days ago

What if my chosen service doesn't allow me to change passwords that frequently?

[-] CosmicGiraffe@lemmy.world 1 points 3 days ago

It's not that you change the passwords for each website often, it's that you use a different password for each site. That way if one site gets hacked and your password is leaked, it can't be used to access your accounts on other sites.

[-] nichtburningturtle@feddit.org 2 points 5 days ago

Sadly I don't know of an alternative operating in Europe.

[-] Cris16228@lemmy.today 1 points 5 days ago

Revolut? I think you can create cards the same way

[-] frazorth@feddit.uk 1 points 4 days ago

I do this. However I also hit the limit of disposable cards.

Turns out to not be as many as I would have thought.

[-] Cris16228@lemmy.today 2 points 4 days ago

Didn't know that! Not using it but I heard you can then they decided to ban more secure custom ROMs 🤷‍♂️

[-] Sebo@lemmy.one -1 points 3 days ago

This is really scary can you think of anything that infected your devices and stole your data? I heard about a massave data leak a weak ago :(

[-] targetx@programming.dev 3 points 3 days ago

That's not what happened

[-] Sebo@lemmy.one 1 points 3 days ago

i get confused easy

[-] psmgx@lemmy.world 2 points 5 days ago

Start changing passwords mon ami

Get a password manager and just start going from site to site and change em up. Use strong ones and store them in the pass manager. Start with critical ones like banks, email accounts, and government stuff, and then keep going..

[-] gregor@gregtech.eu 0 points 5 days ago

Bitwarden is great, you can also optionally self-host it with vaultwarden.

[-] NeuronautML@lemmy.ml 1 points 4 days ago* (last edited 4 days ago)

I personally also suggest KeePass2 for an offline vault storage that you can use with Syncthing to synchronize so the data never leaves your devices.

It's worth mentioning that both these programs are subject to leaks in machines infected with malware like OP's was, so maybe if malware is a problem you deal with regularly, i suggest the online options.

this post was submitted on 14 Jan 2025
54 points (95.0% liked)

Privacy

32179 readers
924 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz