[conspire] (forw) You're one of 48, 580, 249 people pwned in the Straffic data breach

Rick Moen rick at linuxmafia.com
Thu Feb 27 15:07:52 PST 2020


Regular readers can anticipate approximately what I'm going to say next:

This notion that I've been 'pwned' by Internet disclosure of a marketing
database listing (some subset of) name, e-mail address, telephone
number, street address, and 'gender' [sic -- they mean my sex]
presupposes that all of those things are a deep, dark secret.  The
literature at https://haveibeenpwned.com/PwnedWebsites#Straffic implies
that the most alarming part of that disclosure was '49M unique email
addresses'.

Now, seriously, how secret do you imagine my e-mail address, street
address, name, etc. are?  Especially given that they're plastered all
over what I do, and that my personal Web page has all of that plus my
'ICBM address' (latitude, longitude, and altitude of my living room
chair, stated precisely to within a metre)?

More important, most people would imagine an 'account compromise' or
being 'pwned' would mean 'bad guys have my account usernames and
plaintext passwords for one or more of important thing', but that is not
the case in HaveIBeenPwned.com's usage by a country mile.

Moral of the story:  Read all security claims critically, especially the
melodramatic ones.  The underlying substance is often _extremely_
underwhelming compared to the headline.


----- Forwarded message from Have I Been Pwned <noreply at haveibeenpwned.com> -----

Date: Thu, 27 Feb 2020 19:53:48 +0000 (UTC)
From: Have I Been Pwned <noreply at haveibeenpwned.com>
To: rick at linuxmafia.com
Subject: You're one of 48,580,249 people pwned in the Straffic data breach

You signed up for notifications when your account was pwned in a data breach and unfortunately, it's happened.

You're one of 48,580,249 people who've had an account compromised in the Straffic hack of Feb 2020, the details of which you can read about here: https://haveibeenpwned.com/PwnedWebsites#Straffic

The data disclosed in the breach includes: Email addresses, Genders, Names, Phone numbers, Physical addresses

Monitoring Have I Been Pwned for data breaches is a great start, now try these next 2 steps to protect all your accounts:

Step 1: Protect yourself with strong, unique passwords for each website with the 1Password password manager: https://1password.com/
Step 2: Enable 2 factor authentication and store the codes inside your 1Password account

You can also run a search for breaches of your email address again at any time to get a complete list of sites where your account has been compromised: https://haveibeenpwned.com/Verify/[hash redacted]

Please note that it is not possible to retrieve the passwords themselves from HIBP: https://www.troyhunt.com/here-are-all-the-reasons-i-dont-make-passwords-available-via-have-i-been-pwned/

If you don't want to receive any future breach notifications, just click here to unsubscribe: https://haveibeenpwned.com/Unsubscribe/[hash redacted]


----- End forwarded message -----



More information about the conspire mailing list