Technology @lemmy.world Da Cap’n @lemmy.dbzer0.com 3d ago

Have I Been Pwned adds 284M accounts stolen by infostealer malware

www.bleepingcomputer.com Just a moment...

News @lemmy.world Da Cap’n @lemmy.dbzer0.com 3d ago

www.bleepingcomputer.com /news/security/have-i-been-pwned-adds-284m-accounts-stolen-by-infostealer-malware/

56 1

30 comments

I really wish they could check phone numbers. I've been getting a TON of spam recently and it would be interesting to see where it's coming from.
- There has likely been an evolution of war dialers. It's probably easier to blast through every possible number once a year, and sell a list of every valid number. Targeting specific area codes is probably faster and would avoid some legal problems.
  
  Huh. You think read receipts via RCS could make it worse? Obviously Google would probably have to make an exception to allow for this but hey "~~Don't Be Evil~~"
- This is a really dumb fix that I started using several months ago when I was getting 5 or 6 spam calls a day.
  
  I would answer, and if they asked for my name or whoever lives at my address I would tell them they have the wrong number, I'm not them, I don't have a house, whatever. Anything to make them positively sure that the person they are looking for does not exist here. Within 1 week the calls dropped off significantly. Now, about 5 months later I get maybe one call per month.
  
  Another thing that helps is to answer and immediately mute your line so the caller only hears an empty line. Spam dialers hang up and eventually mark the number as invalid, and most people who are real callers will prompt with a hello or something. I did that for a while before I got the Google call screen, which cut it down even more.
- You could in the past (until around 1-2 years ago). I don’t know why it changed, though.
- I've gotten a lot less spam calls since I started using the Google assist call screener. I get legitimate calls that hang up because my idiot ops guys can't listen to the recording and say what they need to when they call me direct instead of my office redirect line, but it also seems to chase off the spammers if they know their AI has to get through my AI to even have a chance at trying to scam me, since I'm a harder target than average.
Yea just got the alert that one of my old email addresses was affected
- Does that mean the malware was once on your system?
  
  I doubt it. Probably just means some website i signed up to using that email was compromised and had all their data leaked.
I found the stupid piece of malware that leaked my info.

TrojanDownloader:MSIL/FormBook.D!MTB

Installed alongside a pirated photo editing software back in 2021
Finally, a data breach that doesn't include me. Good to know I dodged it.
- Its the opposite for me, first time I actually got caught in one.
I just always assume my info has been leaked and use randomly generated passwords and 2FA where possible as well as “not-real” security questions.
I don't understand how to find out which specific sites had my data leaked. Without that I can't take any action. I'm subscribed to email alerts but the alert did not include any details like the article said it would.
- Use the 'Notify me' option and verify your email address, and then it will show the expanded list of domains that were exposed from the malware:
  
  Mine just said it was found, but no domains were associated. So... Yea. I don't know what it has, and the inability to query it for more information sucks.
  
  Thanks, I finally found it. I was already subscribed and verified, but still couldn't find this anywhere. To get to it I had to:
  
  Signup again from the HIBP website
  
  Get the verification email telling me I was already verified
  
  Click through it
  
  Scroll to the VERY bottom of the page and find the stealer logs.
  
  My natural question is of course how my credentials were stolen logging into gmail.com (yay 2-factor), but at least know I know that's where I need to change my password.
  
  I should note that the initial notice email about the breach that I received from HIBP for already being verified appears to not have any direct way to actually get this information.
- Rent a domain Set up email Use a unique address for every website
  
  I usually pick the domain of the website as the username part.
  
  So if, say, I have email set up on lemmy.cafe and want to sign up to flatearth.com - I'd probably use flatearth.com@lemmy.cafe for an email address. If they ever leak it - I'll be reveiving spam sent to this address.
  
  In the six years of hosting my own email I've only had one such occurence when namecheap got breached. It was nice being able to tell where the culprit was!
- As another poster detailed, this is not a company that exposed your info: these credentials are all from stealer logs, which are logs of credentials stolen by keyloggers installed on machines. If your credentials were in this report, it means that you've entered that username and password on a machine with malware on it. Could be your personal machine, or it could be some other computer you've used.
  
  That's true. My point was just that the important thing here is knowing personally which domains were affected so one can personally change those sets of credentials. If I don't know which of my credentials leaked then there's no value to me.
  
  I was able to finally get access and did change the specific credential that had leaked (again, not assigning blame to any specific site here).
Just checked my emails and both were pwned. Bummer

30 comments