Nintourhistory hacked



jmtd
01-17-2019, 03:50 AM
This morning I received notification that an email of mine was found in one of the leaked collections of accounts that are consolidated by the excellent service “haveibeenpwned.com”.

When I checked the details, one of the addresses concerned was one that I had generated and provided only to nintourhistory (I generate new unique email addresses for every web service I sign up to; that way I can individually block them and also track where my data is going).

Unfortunately, I believe that the most likely explanation is that the nintourhistory account database has been leaked/compromised/stolen. The collection that has that data within it is this one:
https://haveibeenpwned.com/PwnedWebsites#Collection1

If you had provided personal data to nintourhistory, consider changing any shared passwords (and then get a password manager like 1Password and stop reusing passwords).

ekrekel
01-17-2019, 09:26 AM
Thoughts on 1Password (https://www.cloudwards.net/1password-review/) (3rd party review) vs Dashlane (https://www.cloudwards.net/dashlane-review/)? I'm using a mix of Mac, Windows (locked down by the employer), Chrome, IE, and iPhones and would like to run 2 accounts. I'm curious how easy usage is across those platforms.

Erneuert
01-17-2019, 09:28 AM
Bummer, man. Changed my password.

cdm
01-17-2019, 10:03 AM
I didn't get a notification for this particular hack so I checked manually and, for what it's worth, my email used on ninhistory didn't ping. I changed my password anyway just to be sure.

Edit: Obviously this doesn't apply to ninhistory but, as a general rule, activate two-factor authentication on any of your accounts that support it...especially your primary email.

arsenic
01-17-2019, 10:22 AM
> Thoughts on 1Password (https://www.cloudwards.net/1password-review/) (3rd party review) vs Dashlane (https://www.cloudwards.net/dashlane-review/)? I'm using a mix of Mac, Windows (locked down by the employer), Chrome, IE, and iPhones and would like to run 2 accounts. I'm curious how easy usage is across those platforms.

I'm personally using Bitwarden, as it's open source and recently passed a third-party security audit. Oh, and it's also cross-platform and free. But it's up to you to decide who you trust the most (which essentially comes down to open source design vs proprietary services).

Callahan
01-17-2019, 02:18 PM
The website should also have an HTTP redirect to HTTPS. If you just manually type in nintourhistory.com, it'll default to the HTTP page, which will send all username/password info in plain text.

thelastdisciple
01-17-2019, 06:46 PM
> Thoughts on 1Password (https://www.cloudwards.net/1password-review/) (3rd party review) vs Dashlane (https://www.cloudwards.net/dashlane-review/)? I'm using a mix of Mac, Windows (locked down by the employer), Chrome, IE, and iPhones and would like to run 2 accounts. I'm curious how easy usage is across those platforms.

Not sure about those, but I use LastPass and so far I haven't had any issues with it. I use the extension for Chrome on Windows and then I also have the Android app on my phone. I think I tried the iOS app for it on my iPod Touch, but it's been a while since I've even had the thing charged up and I can't remember if there were any drawbacks or not.

There's also a great offline tool LastPass has that you can put on a USB key to archive all your passwords if you just want them handy. Of course, the Android app has an offline mode as well that you just have to remember to enable if you're intending to use it that way.

botley
01-17-2019, 06:59 PM
^ This. There's a fee for use, but LastPass is worth it, for my peace of mind anyway.

klyrish
01-17-2019, 09:47 PM
> ^ This. There's a fee for use, but LastPass is worth it, for my peace of mind anyway.

There's a free tier but I think it's limited somehow and regardless, it's worth $2/mo for premium or $4/mo to upgrade to the "Family" plan to share passwords with spouses or other important family members. Been using LastPass for years and love it. Make sure you keep track of your master password because there's no way to recover it in the event you forget it.

And I recommend using multi-word song titles with a character or two capitalized, others swapped out for numbers, and then a special character or two as well. Easier to remember and just as difficult to guess or get via brute force attacks. Then set LastPass to use 16 characters with mixed case, numbers, and special characters. You'll have super strong passwords you never have to remember! Android integration is great. A quick fingerprint confirmation and it pops credentials into Chrome and any app you have installed with corresponding credentials stored.

LastPass is the shit.

Haysey_Draws
01-18-2019, 07:32 AM
Been considering getting a password thingy (I did check my email and it did get a ping, but none of my passwords were up there, and EVERYTHING I use has a different password...but it's a lot harder to maintain and bothersome to change them all every few months). Might check out LastPass.

cdm
01-18-2019, 08:41 AM
> Been considering getting a password thingy (I did check my email and it did get a ping, but none of my passwords were up there, and EVERYTHING I use has a different password...but it's a lot harder to maintain and bothersome to change them all every few months). Might check out LastPass.

I use the free version of LastPass and it does everything I need. Using it on mobile prior to the iOS integration was really cumbersome but now that they've added support...really great. I assume Android is similar.

jmtd
01-18-2019, 02:42 PM
I used to use 1Password and I can also recommend it. I only stopped when I moved off Mac.