The most serious online breach I've seen, it's honestly worth checking if you're in it

[rcx132]

I don't normally post stuff like this, but the ALIEN TXTBASE Stealer Logs breach is the first one that's scared me.

I've used the internet extensively since the early days, using all sorts of tech for personal interest and for my work. I am a tech nut. As a result of my prolific internet use I've been in a lot of breaches. Every breach I've been involved in so far has involved single services (eg Netflix) and therefore only a limited set of low value credentials have been stolen. This breach is different as it's accessed the browsers password vault, and uncovered all of the victims passwords.

If you're concerned, go to https://haveibeenpwned.com, enter your email, and check if you've been exploited by ALIEN TXTBASE Stealer Logs.

Below is a provisional list of things I'd do. If anyone has other suggestions, please comment.

- Check that a reputable Anti Virus is working on all machines (Windows built in AV was once considered low quality, apparently its better now, BitDefender apparently still the safest suite)
- Run full manual scan
- If machine has had dodgy/suspicious software installed over a period of time then consider reformatting
- Review all the websites, services, and accounts you access/own that are of high value and ensure multi factor authentication is enabled
- Monitor your email inbox and spam box for notifications of suspicious access to any of your accounts
- Ensure you monitor any old email addresses as well, and that your family does the same
- Sign yourself and your family up to the haveibeenpwned.com service to be alerted of future breaches containing your data. I think this service is also built into some anti virus solutions.
- If you have kids or less tech savvy users ensure they have a non admin account on your machine and AV is enabled
- Sign up with credit reporting agency and regularly check for any accounts that have been opened in your name and any searches done against you. I use Clearscore as it's free, it accesses one of the major agencies.
- Keep everything up to date, including your anti virus, firewall, operating system, browser.

Disclaimer: I do high level business technology designs which isn't a security role, and is basically a fancy way of saying my designs lack any detail. Although I've risen through the ranks and done many tech roles I am not specifically a security specialist. The info I provide here could be wrong. The list I've compiled is from my point of view, as a dad who's kids use the PCs, who has old machines, but has used unique passwords for a long time now. Other types of users may have other things they should consider doing.

 

[Seadog]

I've not checked for ages. Three of my six are compromised. The Gmail addresses are fine.

 

[dobbslc]

So for an IT numpty what do I do to check this?

 

[arther dailey]

my first responce , is this genune ...? or is it a scam

 

[rcx132]

So for an IT numpty what do I do to check this?

I believe haveibeenpwned.com is the leading service for monitoring data breaches. They go as far as buying stolen data from hackers, organising it, and allowing individuals to check if their information is in there. I recommend visiting haveibeenpwned.com and entering your email address to see if you’ve been affected. Many breaches are relatively harmless (as I mentioned in my opening post), but check if ALIEN TXTBASE Stealer Logs appears on your list.

Check all your email addresses, including those used by others on your devices. If ALIEN TXTBASE Stealer Logs is listed, I recommend following my list, though really, you should be doing the things on the list regardless, to protect yourself.

my first responce , is this genune ...?

I'm not sure what you mean, what's genuine? If you're worried about entering your email into the link, then you might be able to use your Anti Virus instead. Many of the anti virus solutions now do the same thing, checking if you appear in any hacked data. I suspect those solutions are reusing haveibeenpwned.com anyway.

 

[arther dailey]

I believe haveibeenpwned.com is the leading service for monitoring data breaches. They go as far as buying stolen data from hackers, organising it, and allowing individuals to check if their information has been stolen. I recommend visiting haveibeenpwned.com and entering your email address to see if you’ve been affected. Many breaches are relatively harmless (as I mentioned in my opening post), but check if ALIEN TXTBASE Stealer Logs appears on your list.

Check all your email addresses, including those used by others on your devices. If ALIEN TXTBASE Stealer Logs is listed, I recommend following my list, though really, you should be doing all that regardless.


I'm not sure what you mean, what's genuine? If you're worried about entering your email into the link, then you might be able to use your Anti Virus instead. Many of the anti virus solutions now do the same thing, checking if you appear in any hacked data. I suspect those solutions are reusing haveibeenpwned.com anyway.

yes is the post genuine was my thoughts ,thanks

 

[Pigeon_Droppings2]

Haveibeenpawned have been around for a long long time and I've been checking them for years.

After there was a big breach years ago involving my email address I switched to using disposable email aliases and non browser vaults...a lot less hassle to then delete the email! I got caught by the lastpass breach and had to basically reset every password in my known universe!

For a few years after one of the breaches I would get blackmail emails which contained old passwords....quite scary when someone emails you your password! Luckily I knew about the breach and had already changed all my passwords!

 

[rcx132]

yes is the post genuine was my thoughts ,thanks

I'm happy to PM you my real name, I'm all over Google, with my history, experience, employers, some trade articles I wrote for magazines etc. In fact, you can probably reverse search me via my profile pic.

 

[droopsnoot]

yes is the post genuine was my thoughts ,thanks

I wondered, but then noticed that the OP has been around here a long time. If it was their first post, maybe not so sure.

 

[RaceDiagnostics]

I'm happy to PM you my real name, I'm all over Google, with my history, experience, employers, some trade articles I wrote for magazines etc. In fact, you can probably reverse search me via my profile pic.

Yes, but your account could have been hacked

 

[rcx132]

Yes, but your account could have been hacked

Ah thanks for the explanation. It was actually a bit upsetting, taking the time to write that up to help protect a community, and to be then accused of being a scammer

Anyway, this account not hacked, this is me. But yes I was in the data breach I've written up and also recently I noticed my son somehow managed to install a PUP (less malicious than a virus) despite only having a child account on the PC, so I'm on on edge and trying to ramp up security.

 

[arther dailey]

Ah thanks for the explanation. It was actually a bit upsetting, taking the time to write that up to help protect a community, and to be then accused of being a scammer

Anyway, this account not hacked, this is me. But yes I was in the data breach I've written up and also recently I noticed my son somehow managed to install a PUP (less malicious than a virus) despite only having a child account on the PC, so I'm on on edge and trying to ramp up security.

I was nt accussing , just doing my due diligence .

 

[Pigeon_Droppings2]

Anyway, this account not hacked, this is me

Surely that's exactly what a hacker would say .

Sorry...I'll get my coat and see myself out!

 

[rcx132]

I was nt accussing , just doing my due diligence .

It's cool, I know you from other posts, so I figured it was well intended post, it was a mixed feeling. And reading back, the opening post does drive the "enter your email" point suspiciously hard !

 

[rcx132]

An update on my situation. After some more reading I found that the haveibeenpwned.com website actually gives the user list of records that were stolen (with the password removed or half obscured or just the domain the password was used on). The virus/malware had only stolen one record for a website I used years ago. However I got the virus, it must have been temporary and a while back. I have used strong antivirus for years but I should probably be more cautious about what I download though, and what my kids do on my PC, as that really was scary, knowing I had a virus than can send my entire password list to a hacker that then sells to criminals.

 

[jmp49]

I am a security specialist, but more on the offensive side. All I'll contribute is that KeepassXC using a local only database, letting it suggest a unique password per account, have the db lock at suspension of the machine and unlocked with a yubi key 2fa hardware token, and a unique to you strong unlock password is a pretty stout solution. If the db is sent offsite, someone still needs the key and unlock to unlock it. There have been attacks against KeepassXC because by virtue of its design when its running it has to have the db unlocked in memory space to function but it does use various protections against this being read depending on platform. On windows for instance it marks the block as private, whereas Keepass commercial does not and permits malware to export it. Nothing is completely secure, and even if you make it so, if someone wants the contents that badly they'll beat it out me with rubber hoses. I trust it more than the alternatives, and especially more than firefox or chrome's credential storage, which is a huge target to develop extraction malware for.

Besides this most individual account breaches are from password reuse, so dont do this. Common dictionary passwords is also a great contributor to ease of compromise (rockyou with a bit of mutation is always useful when testing a system), but you cant control if the website or app is badly written or storing your passwords in cleartext on a exposed s3 bucket for all to read, or their employee's are emailing it in cleartext in debug logs or pasted into pastebin or chatgpt. If something offers 2fa, look into how to set it up if you care about that account. Equally I have 10-20 accounts in places I dont really care about, so I focus my energy on being careful with the ones that I do care about. I hardly ever put my real name or date of birth etc into things unless its a legal requirement, even if they demand it as a obligation.
I often get blackmail emails with a breached former password that's in the various db's floating about threatening me, along with having installed a webcam recorder on my main desktop to record my perverted activities. Which is impressive as I dont even have a webcam on it.

 

[Pigeon_Droppings2]

All I'll contribute is that KeepassXC using a local only database

Yup...something like this is essential for the high value passwords I think.

 

[gaz1]

Anyway, this account not hacked, this is me. But yes I was in the data breach I've written up and also recently I noticed my son somehow managed to install a PUP (less malicious than a virus) despite only having a child account on the PC, so I'm on on edge and trying to ramp up security.

first off your not that security safe anyway

theres just no way would i let a child or anyone else near my pc they would have there own so in that reference its your own fault

websearch is websearch best to use that type of machine on its own

as goes for private stuff best to use an alternative machine for logins main ones

after saying all of this having 2 different hard drives is a good point you just have to be careful of bios attacks with 2 hard drives when replugging an important hard drive compared to the internet search hard drive

 

[Dev]

The simplest step you can take is use a different password for every site and service - so if one is breached no one can access anything else where the same email was used. And use 2 factor authentication everywhere it’s an option. I couldn’t tell you my password for anything now even if you pulled my fingernails out it’s all unique strong passwords from a password manager.

It is a trivial task for someone who knows what they’re doing to take an email address and password and run it against a hundred sites - so if you use the same password for your niche hobby website as your Amazon, PayPal or bank account you could be in for a world of hurt.

 

[rcx132]

I am a security specialist, but more on the offensive side. All I'll contribute is that KeepassXC using a local only database, letting it suggest a unique password per account, have the db lock at suspension of the machine and unlocked with a yubi key 2fa hardware token, and a unique to you strong unlock password is a pretty stout solution. If the db is sent offsite, someone still needs the key and unlock to unlock it. There have been attacks against KeepassXC because by virtue of its design when its running it has to have the db unlocked in memory space to function but it does use various protections against this being read depending on platform. On windows for instance it marks the block as private, whereas Keepass commercial does not and permits malware to export it. Nothing is completely secure, and even if you make it so, if someone wants the contents that badly they'll beat it out me with rubber hoses. I trust it more than the alternatives, and especially more than firefox or chrome's credential storage, which is a huge target to develop extraction malware for.

Besides this most individual account breaches are from password reuse, so dont do this. Common dictionary passwords is also a great contributor to ease of compromise (rockyou with a bit of mutation is always useful when testing a system), but you cant control if the website or app is badly written or storing your passwords in cleartext on a exposed s3 bucket for all to read, or their employee's are emailing it in cleartext in debug logs or pasted into pastebin or chatgpt. If something offers 2fa, look into how to set it up if you care about that account. Equally I have 10-20 accounts in places I dont really care about, so I focus my energy on being careful with the ones that I do care about. I hardly ever put my real name or date of birth etc into things unless its a legal requirement, even if they demand it as a obligation.
I often get blackmail emails with a breached former password that's in the various db's floating about threatening me, along with having installed a webcam recorder on my main desktop to record my perverted activities. Which is impressive as I dont even have a webcam on it.

For the less tech savvy people, Keepass is an open source password manager that stores your passwords on your hard drive rather than online. It's more secure because:
(a) open source projects tend to be built by enthusiasts who believe in their cause rather than lazy, hateful, or under resourced minions
(b) open source projects tend to be effectively "peer reviewed"
(c) storing passwords locally is more secure than the cloud
(d) its less of a target

I do actually use Keepass as my master (I wasnt aware of KeepassXC which is more secure). Then I started using Chrome to populate my everyday low risk passwords, then, over time, I got complacent and started letting it store more and more.

At the time I was reluctant to connect Keepass to my browser as you suggest, but maybe that is the way forward, especially now I'm aware of KeepassXC which can do that without any plugin.

I agree with what you say, that the issue with online password managers is that they are targets. Keepass stores locally, and even if you sync the Keepass database across your machines using some personal method, that's unique to you, so not a target.



@gaz1 of course your method is more secure but at cost of practicality.