Russian Gang Steal 1.2 Billion Username/Passwords!

Astro14

$100 Site Donor
Staff member
Messages
13,093
Location
Virginia Beach
Originally Posted By: eljefino
So this is why I have to sign into BITOG so often? laugh
Yep...and now, when we see posts under your name, we'll have no idea if it's actually you...or some Russian gang member disrupting BITOG...
 
Messages
1,723
Location
Virginia
Originally Posted By: Astro14
Originally Posted By: eljefino
So this is why I have to sign into BITOG so often? laugh
Yep...and now, when we see posts under your name, we'll have no idea if it's actually you...or some Russian gang member disrupting BITOG...
I have a tendency to use the word "Dude" a lot, so if you see any posts by me where I refer to people as "Comrade" or where I'm using the backwards R, it should be flagged as possibly fictitious.
 

JHZR2

Staff member
Messages
46,117
Location
New Jersey
Interesting. Thing is, at $3.5 million per breach (from the article) it may be too costly or not costly enough to justify real emphasis and change. From the article: “The ability to attack is certainly outpacing the ability to defend,” said Lillian Ablon, a security researcher at the RAND Corporation. “We’re constantly playing this cat and mouse game, but ultimately companies just patch and pray.” Patching seems to not be a real success. In reality, changing a complex password every 60 days is probably the only real and successful way. Even things like biometrics are stagnant, so if someone steals the data or associated algorithm associated with it, you're done. Problem is that constantly changing 15+ character random passwords with all the requirements for caps, numbers, special characters, etc. makes it incredibly tough.
 
Messages
36,461
Location
ME
I've read it suggested that you come up with a mnemonic like: My First Girlfriend Was Jenny And She had 32 DDs which turns into MfgwJ&sh32DD a tolerable password... for now!
 

Turk

Thread starter
Messages
9,103
Location
MN
Originally Posted By: eljefino
I've read it suggested that you come up with a mnemonic like: My First Girlfriend Was Jenny And She had 32 DDs which turns into MfgwJ&sh32DD a tolerable password... for now!
Post of the day!! thumbsup
 
Messages
3,229
Location
Richmond, VA
Originally Posted By: eljefino
I've read it suggested that you come up with a mnemonic like: My First Girlfriend Was Jenny And She had 32 DDs which turns into MfgwJ&sh32DD a tolerable password... for now!
Got any pics? :P
 
Messages
5,515
Location
Florida
Originally Posted By: Barkleymut
Originally Posted By: eljefino
I've read it suggested that you come up with a mnemonic like: My First Girlfriend Was Jenny And She had 32 DDs which turns into MfgwJ&sh32DD a tolerable password... for now!
Got any pics? :P
crackmeup I honestly don't see where the real money is in stealing my Facebook username & password. Even if you jack my online bank login credentials, what will one do with it? My bank doesn't allow jack except to view your recent transaction and pay the credit card bill. It's not like a hacker can send the money from my checking account to another account and steal my life's savings, so again, can someone explain the benefit from stealing my login info? - besides the mental "high" of saying you did so... shrug duh
 
Messages
3,508
Location
Delaware
Originally Posted By: eljefino
I've read it suggested that you come up with a mnemonic like: My First Girlfriend Was Jenny And She had 32 DDs which turns into MfgwJ&sh32DD a tolerable password... for now!
Yes that would be tolerable. And not a bad password! :-)
 
Messages
745
Location
Indiana
In April I implemented my own system for important passwords. It includes 4 digits for the date of change, some characters for the site name, and then several (10+) digits of random characters. I store it all with KeePass and intend to periodically modify the random part (and update KeePass). Like said above, changing the password with strong encryption is your only hope. One is still vulnerable during the period between changes (that's why it's best to NOT use the same passwords over). For sites like this one and others that don't involve personal info or monetary transactions I tend to use similar login names/passwords. Another cool tool is Virtual Account numbers from Citi. They allow you to log in, and generate a 1-time use credit card number (you can specify a dollar limit and time limit) - that can only be used online or over the phone.
 
Messages
36,461
Location
ME
Originally Posted By: Artem
I honestly don't see where the real money is in stealing my Facebook username & password. Even if you jack my online bank login credentials, what will one do with it? My bank doesn't allow jack except to view your recent transaction and pay the credit card bill. It's not like a hacker can send the money from my checking account to another account and steal my life's savings, so again, can someone explain the benefit from stealing my login info? - besides the mental "high" of saying you did so... shrug duh
Thing is, it's a piece of the puzzle. You can probably download a pdf of your statement that has your name and address on it. Then the crook can tap your telephone network interface-- it's outside your house and rarely locked-- and call the bank from your "home phone" and order a spare credit/debit card that he can then steal from your unlocked mailbox etc.
 
Messages
659
Location
MEMPHIS, TN
Originally Posted By: sicko
Originally Posted By: Astro14
Originally Posted By: eljefino
So this is why I have to sign into BITOG so often? laugh
Yep...and now, when we see posts under your name, we'll have no idea if it's actually you...or some Russian gang member disrupting BITOG...
I have a tendency to use the word "Dude" a lot, so if you see any posts by me where I refer to people as "Comrade" or where I'm using the backwards R, it should be flagged as possibly fictitious.
Apologies Comrade. I will make sure not to oust you around your new Comrade by using я or anything like that. Also, where do I find such photographs of this so called "Jenny?" And remember as well Comrade, buy any oil you want, just don't expect a miracle.
 
Messages
40,710
Location
Great Lakes
Originally Posted By: Touring5
Another cool tool is Virtual Account numbers from Citi. They allow you to log in, and generate a 1-time use credit card number (you can specify a dollar limit and time limit) - that can only be used online or over the phone.
This, while seemingly useful, ended up getting us in trouble once. We used such a one-time generated credit card number once with Discover to buy some concert/event tickets. The tickets needed to be picked up in person, and at pickup time, they wanted to see the credit card that was used to make the purchase. Well, guess what... the number on the card was different from the one-time generated card number.
 
Messages
144
Location
California
For really important accounts like my on-line banking, I use the BofA supplied two-factor authentication protocol which consists of them texting MY cellphone a one-time six digit code that reaches my login page where I then enter another password.
 