3

recently noticed that Github is warning some users that their password has been compromised in a data breach by "HaveIBeenPwned". what is this about?

Comments
  • 2
    I simply updated the password and forgot about the shit.

    What google says about it?
  • 0
    @arazzz It just suggest me some github projects related to this, not the meaning or solution
  • 2
    https://haveibeenpwned.com/ and https://haveibeenpwned.com/Password...

    Are services compiling large quantity of recovered breached data that allows you to check whether your emails and passwords appear in such data pastes it's beeing integrated in a lot of services to warn you if there's a risk someone might have access to your accounts and data.
  • 0
    @Hallelouia Thanks for providing the knowledge and links.
  • 2
    @Hallelouia or is it in fact a scam that collects users’ passwords by pretending to be a service that checks them against a database of stolen passwords when it is in fact actually constructing said database?
  • 0
    @devios1 trying out password thing is really a foolish step. However I tried out some email ids and the result seems correct.
  • 1
    @devios1 the project has been endorsed by way too many companies I trust, including Mozilla, so I gonna go with: it's legit.
    And you would have to check traffic between you and their servers but I think I read they don't even send the full password for comparison.
  • 0
    @makmm thanks for confirming Troy Hunt is the the maker of haveibeenpowned I wasn't sure, that's why I didn't mention it but yeah I read is blog regularly
Add Comment