[conspire] (forw) You're one of 31,081,179 people pwned in the Internet Archive data breach

Rick Moen rick at linuxmafia.com
Wed Oct 9 19:23:38 PDT 2024


Just a reminder that these warnings from HaveIBeenPwned.com are

1.  well intended
2.  of-necessity vague in what your warning will consist of, and
3.  functionally meaningless, if you exercise security common sense.

Nonetheless, sign up for warnings, if interested in the security topic.
Just know that (subject to proviso #3, above), you'll mostly get
nothingburgers on about an annual basis.

This warning is for a breach at Internet Archive (archive.org).  And,
I've confirmed in my password manager that (as stated below) all I
provided to Internet Archive was e-mail address, username (same as
e-mail address), and password.  Not being negligent, and using passwords
intelligently, the password I picked was/is unique to that site.  

Most use of the (indispensable) Internet Archive doesn't require a
username/password at all.  ISTR I created a login for one time when I
"checked out" a scanned-in book for a limited time.  (I've now changed
the claimed-exposed password.)

My point about HaveIBeenPwned warnings is that they are deliberately
alarmist, in part to serve people who think trivia about them like their
names and e-mail addresses are sensitive data, but also people who share
passwords between sites.  (Which, well, don't do that.)

I don't know why HaveIBeenPwned is pushing the proprietary 1Password
program, but the cynical surmise is a marketing deal.  Much, much
better:  KeePassXC, which is cross-platform, open source, _not_ tied in
with surveillance capitalism, fast, small, simple, and based on an
open-standard database file format that's also used by some other
password managers, e.g., ones for iOS and Android.

KeePassXC should not be confused with KeePass, of which KeePassXC is a
community fork.



----- Forwarded message from Have I Been Pwned <noreply at haveibeenpwned.com> -----

Date: Wed, 09 Oct 2024 23:36:35 +0000 (UTC)
From: Have I Been Pwned <noreply at haveibeenpwned.com>
To: rick at linuxmafia.com
Subject: You're one of 31,081,179 people pwned in the Internet Archive data
	breach

You signed up for notifications when your account was pwned in a data breach and unfortunately, it's happened.

You're one of 31,081,179 people who've had an account compromised in the Internet Archive hack of Sep 2024, the details of which you can read about here: https://haveibeenpwned.com/PwnedWebsites#InternetArchive

The data disclosed in the breach includes: Email addresses, Passwords, Usernames

Monitoring Have I Been Pwned for data breaches is a great start, now try these next 2 steps to protect all your accounts:

Step 1: Protect yourself with strong, unique passwords for each website with the 1Password password manager: https://1password.com/
Step 2: Enable 2 factor authentication and store the codes inside your 1Password account

You can also run a search for breaches of your email address again at any time to get a complete list of sites where your account has been compromised: https://haveibeenpwned.com/Verify/c00052b8f6dcd6f1b695220648bdeb11

Unsubscribe from future breach notifications: https://haveibeenpwned.com/Unsubscribe/c00052b8f6dcd6f1b695220648bdeb11


----- End forwarded message -----


