Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors Data Leak?

RowellE

RowellE

macrumors 6502
Original poster
Mar 5, 2012
453
859
I just tried logging into this forum on my iPhone and a notification popped up, which I have attached.

Was there some kind of security breach with MR that we weren’t informed about?
 

Attachments

  • 7AF39B29-F782-4216-9F97-7A874D992D14.jpeg
    7AF39B29-F782-4216-9F97-7A874D992D14.jpeg
    84.7 KB · Views: 390
  • Wow
Reactions: russell_314
It's not specific to MR. You're reusing a password across multiple sites. That password was leaked from one of the sites you used it on. Please, please, please don't reuse passwords. Not only is it a pain to have to go change your password for all the sites you used it on, you're setting all those accounts up to get compromised by credential stuffing. I would highly recommend using a password manager and generating a unique password for every site.
 
  • Like
Reactions: RowellE and BigMcGuire
BeatCrazy said:
That warning is not specific to this site in particular, you’ll probably see it for many other sites as well (that you’re using the same pw for).
Click to expand...

FuturePilot said:
You're reusing a password across multiple sites.
Click to expand...
Thanks for the replies. My password here is specifically for this site only.

So for example, my IMDb password is “imdb6709”; Target.com password “target4312”.


My macrumors passcode is macrum****

So this is really odd that I got that alert.
 
RowellE said:
Thanks for the replies. My password here is specifically for this site only.

So for example, my IMDb password is “imdb6709”; Target.com password “target4312”.


My macrumors passcode is macrum****

So this is really odd that I got that alert.
Click to expand...

That's not a particularly clever password stragety, so someone else might have the same password. It also could have been brute forced. Some of your others too. The password 'target' on it's own has been found nearly 30,000 times in data breaches, many of them probably Target accounts. You can see similar results with passwords like maceys, bestbuy, walmart, even visa, mastercard and americanexpress! So using the site name is a complete waste of several characters - it offers no security at all. You're protected by just 4 digits which a bot could crack in seconds.

You can check here for passwords that are already out there and likely being used by bots to try to crack into accounts.
 
  • Like
Reactions: bousozoku, jonblatho, AngerDanger and 1 other person
RowellE said:
Thanks for the replies. My password here is specifically for this site only.
Click to expand...
To my knowledge, its not that MR has had a dataleak but Chrome is warning you that the password has been found on the so called dark web. If you used "password123", it would say the same, certain passwords have easily been guessed or have been found out in some ways that they're no longer safe.
 
  • Like
Reactions: bousozoku
RowellE said:
Thanks for the replies. My password here is specifically for this site only.

So for example, my IMDb password is “imdb6709”; Target.com password “target4312”.


My macrumors passcode is macrum****

So this is really odd that I got that alert.
Click to expand...

If you're using a Google-based account to keep track of your passwords in Chrome, etc., you might want to do their Security Checkup to see what's being re-used within your account.

If you want to check a certain e-mail address, you might want to try Firefox Monitor.
 
  • Like
Reactions: max2 and maflynn
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back