this post was submitted on 14 Jan 2025
54 points (95.0% liked)

Privacy

[–] drspod@lemmy.ml 55 points 2 weeks ago (3 children)

This breach is worse than just a website's database being leaked. These are info-stealer malware logs. Meaning that you had malware on one of your devices that recorded you typing your credentials into websites and then the logs of that malware were publicly leaked.

Before changing all of your passwords (and setting up a password manager if you don't already use one) you need to identify which of your devices was compromised and wipe it.

If you change all your passwords from the compromised device then the malware will just record all of your new passwords.

[–] MrPoopbutt@lemmy.world 12 points 2 weeks ago (2 children)

How would one identify which device was compromised?

[–] stinky@redlemmy.com 17 points 2 weeks ago

Assume all of them are infected.

[–] tetris11@lemmy.ml 11 points 2 weeks ago (3 children)

Turn off your computer and make sure it powers down. Toss it in a 43-foot hole in the ground. Bury it completely; rocks and boulders should be fine. Then burn any clothes you may have worn any time you were onliiiine

[–] EntirelyUnlovable@lemmy.world 9 points 2 weeks ago

Wait a sec my grandmother is calling me about some pictures I apparently sent her

[–] Jollyllama@lemmy.world 6 points 2 weeks ago

Instructions unclear, I don't speak Swahili

[–] Sebo@lemmy.one 2 points 2 weeks ago

That advice is a bit too weird;)

[–] Cycle0861@lemmy.world 4 points 2 weeks ago (2 children)

Which password manager is good? I use Bitwarden but it would take forever to change all my passwords inside of it

[–] arthur@lemmy.zip 9 points 2 weeks ago (2 children)

Bitwarden has a good balance of security, price and convenience. If you want more control and less convenience, KeePass.

[–] fine_sandy_bottom@discuss.tchncs.de 5 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Keepassxc

The best IMO because it's just a client you install on a device which reads an encrypted data file you can sync how you like.

This way it's not a hoard like lastpass or bitwarden.

[–] arthur@lemmy.zip 1 points 2 weeks ago (1 children)
[–] Cethin@lemmy.zip 2 points 2 weeks ago (1 children)

Personally, I use KeePassDX for my Android client, but either works. I use Syncthing to sync changes between devices, though I think the Android version of that stopped being supported a few months back, but it still works fine for now.

[–] med@sh.itjust.works 1 points 2 weeks ago

I am doing the same, all I need is keepassdx to support passkeys now

[–] thegreatgarbo@lemmy.world 1 points 2 weeks ago (2 children)

Any thoughts on 1Password?

[–] arthur@lemmy.zip 2 points 2 weeks ago

Last time I used it, it was very convenient, but the price was too high for me. Besides that, I bought 1pass when it was possible to buy once and have it forever; since then, they made it increasingly harder to access it if you bought it instead of using it as a paid service. That's why I made the change to KeePass. The only thing that 1pass offers that could justify their business model as a service is sync on multiple devices, and Bitwarden does that as well. KeePass doesn't, but you can make it happen with free Dropbox, for example.

[–] italics2@lemmy.world 1 points 2 weeks ago

I had an internship a couple years back at a web development startup that used it. Seemed to work just fine.

[–] AtariDump@lemmy.world 2 points 2 weeks ago
[–] BlackEco@lemmy.blackeco.com 6 points 2 weeks ago (1 children)

For those wondering what this is, Troy Hunter (HIBP founder) wrote an article on this new feature.

[–] beefbot@lemmy.blahaj.zone 4 points 2 weeks ago

That’s a great pseudonym, if it is one. Troy Hunter, i.e. hunter of trojans. Fantastic

[–] countrypunk@slrpnk.net 6 points 2 weeks ago* (last edited 2 weeks ago) (3 children)

Assuming this email is legit, the best thing that you can do is change as many of your passwords as possible to be unique and complex. You may also want to consider deleting old email addresses and getting new ones. Alternatively, you can separate your email addresses by having one for signing up for spammy services, one for personal stuff, one for work/school, etc. Try not to have much overlap between them all.

Edit: I also highly recommend using a temporary email for signing up for stuff whenever possible. I always use this one, but there are plenty of others too.

[–] foremanguy92_@lemmy.ml 2 points 2 weeks ago (1 children)

I kinda like https://yopmail.com/ as it's much more customizable

[–] nossaquesapao@lemmy.eco.br 2 points 2 weeks ago

I like grr.la because I can sign in to the services with any random name @grr.la before opening the temporary mail site, and sometimes I find out that it wasn't required to confirm the mail, saving some time

[–] helpImTrappedOnline@lemmy.world 5 points 2 weeks ago (2 children)

Password manager, and use different randomly generated passwords.

The real danger is having the same password everywhere.

Also pay attention to where you save your payment info.

Everything I do online is through Privacy.com, with limits for each vendor. My Amazon gets hacked? Most I'm out is $100. Steam gets hacked, there goes $60. A subscription tries to double charge, lol no. Free trial wants to auto-bill me after 7 days, it's not happening. Funneling everything through them isn't 100%, but at least they're not PayPal, I get notified whenever even a 1 cent charge happens, and I'm not leaving my bank card on a dozen random sites I'll eventually lose track of.

[–] stinky@redlemmy.com 3 points 2 weeks ago (1 children)

What if my chosen service doesn't allow me to change passwords that frequently?

[–] CosmicGiraffe@lemmy.world 1 points 2 weeks ago

It's not that you change the passwords for each website often, it's that you use a different password for each site. That way if one site gets hacked and your password is leaked, it can't be used to access your accounts on other sites.

[–] nichtburningturtle@feddit.org 2 points 2 weeks ago (1 children)

Sadly I don't know of an alternative operating in Europe.

[–] Cris16228@lemmy.today 1 points 2 weeks ago (1 children)

Revolut? I think you can create cards the same way

[–] frazorth@feddit.uk 1 points 2 weeks ago (1 children)

I do this. However I also hit the limit of disposable cards.

Turns out to not be as many as I would have thought.

[–] Cris16228@lemmy.today 2 points 2 weeks ago

Didn't know that! Not using it but I heard you can then they decided to ban more secure custom ROMs 🤷‍♂️

[–] kekmacska@lemmy.zip 3 points 2 weeks ago (1 children)

There was a Steam breach too, I changed my email and password for Steam as well

[–] italics2@lemmy.world 5 points 2 weeks ago (1 children)

Can you provide your source (no pun intended)?

[–] kekmacska@lemmy.zip 1 points 2 weeks ago* (last edited 2 weeks ago) (1 children)
[–] italics2@lemmy.world 1 points 1 week ago (10 children)

That would mean you have a virus on your PC not that Steam DB has been breached, right?

[–] psmgx@lemmy.world 2 points 2 weeks ago (1 children)

Start changing passwords mon ami

Get a password manager and just start going from site to site and change em up. Use strong ones and store them in the pass manager. Start with critical ones like banks, email accounts, and government stuff, and then keep going..

[–] gregor@gregtech.eu 0 points 2 weeks ago (1 children)

Bitwarden is great, you can also optionally self-host it with vaultwarden.

[–] NeuronautML@lemmy.ml 1 points 2 weeks ago* (last edited 2 weeks ago)

I personally also suggest KeePass2 for an offline vault storage that you can use with Syncthing to synchronize so the data never leaves your devices.

It's worth mentioning that both these programs are subject to leaks in machines infected with malware like OP's was, so maybe if malware is a problem you deal with regularly, I suggest the online options.

[–] Wolfie@lemm.ee 2 points 1 week ago (1 children)

Stealer logs are pretty bad. Very bad, to be fair. It means your computer is infected and all your saved passwords have been stolen.

Reinstall your operating system completely. Take note of your accounts and change all their passwords. Start with your email address, as it's the most important one.

[–] Sebo@lemmy.one 0 points 2 weeks ago (1 children)

This is really scary. Can you think of anything that infected your devices and stole your data? I heard about a massive data leak a week ago :(

[–] targetx@programming.dev 2 points 2 weeks ago (1 children)
[–] Sebo@lemmy.one 1 points 2 weeks ago

I get confused easily