1911Forum banner
1 - 14 of 14 Posts

·
Premium Member
Joined
·
590 Posts
Discussion Starter · #1 · (Edited)
I have LastPass, which is a password management program. It allows you to have all computer-generated random-character passwords for each account or site that you are a member. You only have to remember one password (the Master Password) and LastPass takes care of all the rest. In my case, I have 444 separate sites - however I got lazy and re-used the same password for about 150 of them.

About two nights ago, my account was accessed, apparently using that password. It turns out that my identity showed up on the Dark Web, and the bad guys started brute-force attacking accounts with that password. It was an embarrassment for me, as I'm in the IT business and should have known better. The attacker changed my password and the email address that I have registered here so that I couldn't reset my password.

More to the point, a good friend of mine on this site almost got duped. He saw something that was for sale with my username, and was quite confident it was me. Because I was locked out of my account, I couldn't access his messages to me - or even know that he was trying to message me.

Fortunately, I got in touch with the Mods (Thanks @Grandpas50AE) and they were able to get me squared away.

So for the last two evenings, I have gone through LastPass and created 444 new passwords, each one very strong, and each one completely unique.

For those of you who don't think this could happen to you - TRUST ME, IT CAN. I will be happy to answer any and all questions that anyone might have regarding computer security. I'm living proof that you're never to old to learn.

FULL DISCLOSURE: I have no affiliation or relationship with LastPass, other than being a customer.
 

·
Super Moderator
Joined
·
17,028 Posts
No problem tcpip95, we try to catch things pretty quickly. I was also in IT - Fraud Detection software for banks, and the number of schemes we has to program for (especially when things went digital) was mind-boggling! If you get an email from some unknown person with a link in it, do not click on that link - instead, go to your trusted website (whether bank, here, or whichever) and log in using your normal credentials and check for "messages" to see if it was sent from one of your trusted websites/vendors/gov agencies; if not, delete it immediately and notify you website/bank/gov agency that there has been an attempt to scam/hack you. They can put out a notice/bulletin on their secure network to users that the scammers/hackers are using that scheme to get you credentials. Just my observation and advice.
 
  • Like
  • Helpful
Reactions: Levian and tcpip95

·
Registered
Joined
·
28,922 Posts
That is over the course of 27 years (hence the "95" in tcpip95)
Hey whatever makes you happy. But I have been around longer than that and still only have a small fraction of that. I am pretty particular about any connections that I make on the world wide web. And you are the person that got hacked, not me. Again, just sayin.
 

·
Premium Member
Joined
·
590 Posts
Discussion Starter · #6 ·
Hey whatever makes you happy. But I have been around longer than that and still only have a small fraction of that. I am pretty particular about any connections that I make on the world wide web. And you are the person that got hacked, not me. Again, just sayin.
Well, you merchant marine guys lead sheltered lives.
 

·
Registered
Joined
·
1,089 Posts

I use a different password vault, and I don't reuse passwords.. but.. the above made me o_O
 

·
Premium Member
Joined
·
590 Posts
Discussion Starter · #14 ·

I use a different password vault, and I don't reuse passwords.. but.. the above made me o_O
Yes, I was aware of this. No client data breeched, but they did get some source code. I had already changed my Master Password back then as a precaution.
 
1 - 14 of 14 Posts
Top