Maybe true, maybe not, but worth checking.

“Gmail users have been urged to check their accounts, after it was revealed that more than 183 million passwords were stolen in a data breach.

Australian cyber expert Troy Hunt has disclosed the incident, which has compromised email addresses and their passwords. 

He called it a 'vast corpus' of breached data, which totals 3.5 terrabytes. …”

DailyMail article:
https://mol.im/a/15230351

If anyone with Gmail doesn't have their Google account set up with 2FA, they probably deserve what they get.

^^^
Could anyone interest you in deleting that ridiculous post?

quote:

Originally posted by 400m:
^^^
Could anyone interest you in deleting that ridiculous post?

He's right, if you're not using MFA where available, I as someone who is in IT view you as an abject moron.

gmail was not hacked, the article points to info stealing malware running on websites that people are logging into using a gmail address as their username and password.

If you re-use passwords across sites then that's a problem. The solution is to use a password manager and use a unique (random) password for every site.

OK, two members who prefer Victim Blaming over prosecuting crime. Can I interest you in a couple new gun control bills while you're at it?

Read the room, guys.

quote:

Originally posted by eyrich:
gmail was not hacked, the article points to info stealing malware running on websites that people are logging into using a gmail address as their username and password.
<snip>

Good point. I found it hard to believe that google stores passwords, rather than password hashes.

quote:

He's right, if you're not using MFA where available, I as someone who is in IT view you as an abject moron.

I had to google what MFA was, how do I set it up? Looked all over my google account

quote:

Originally posted by newtoSig765:
OK, two members who prefer Victim Blaming over prosecuting crime.

Nope.

What they're saying is people who don't take reasonable precautions in this day-and-age cannot expect not to be victimized.

E.g.: There was a recent spate of car "break-ins" near my area. Only it turns out there wasn't much "breaking" going on. People were leaving their cars outdoors, overnight, unlocked, with valuables inside.

They were still the victims and of course the criminals who stole from them are to blame, but that doesn't make their lack of caution any less unwise.

@BigSwede

log into either your google or gmail account.

Click on your initial, mine is in a red circle top right.

click on manage your google account.

On the left you should see the work security, click on that.

It will ask for your password again.

long in and turn on 2 step verification.

There may be a save button, no sure my mfa has been on for years.

Thanks

It's been on for two years, probably from a thread on here

quote:

Originally posted by ensigmatic:
...reasonable precautions...

Personal computers, smart phones, other things that are historically called "gadgets" are toys to nearly all of us who use them, myself included. Even though I spent the latter half of my business career computerizing international banks in the days before the Internet, I could get along nicely without them. We had fun in the Good Old Days, remember.

It's unfathomable to me that the people who invented and now run businesses like Google, Apple etc, and have the resources to maintain security, expect their entire user base to stay one step ahead of the BG's rather than doing so themselves. This is NOT just locking your car doors. Ask Para how difficult protecting this place is.

Sorry to rant, but I'm old enough to remember when Long-Leggity-girls in mini-skirts were blamed for their own rapes.

As someone who owns guns, and, more important, understands terminal ballistics, anyone who relies on a handgun cartridge for self-defense that’s less powerful than the 357 SIG is an abject moron. And that's assuming you even carry 24/7/365—legal or not. If you don't that's even more moronic.
(Virtue signaling isn’t limited to the Left.)

I am vaguely aware of multifactor whatever, but only because I spend more time watching YouTube videos about other things than I should and can’t avoid seeing the “Do this immediately or your life will be ruined!!!” thumbnails. How does the average person learn and understand even the reason(s) for it, much less how to make use of it?

quote:

Originally posted by FenderBender:

quote:

Originally posted by 400m:
^^^
Could anyone interest you in deleting that ridiculous post?

He's right, if you're not using MFA where available, I as someone who is in IT view you as an abject moron.

OTOH, blaming the victim is generally regarded as rude, and less than effective.

Doesn't Google, who apparently stored these credentials in a decipherable form, and neglected to maintain the store in a place that was resistant to download, not to mention not noticing until after the fact, share some of the blame?

Better than MFA is avoiding services that require authentication credentials in the first place.

MFA is not a be all and end all, it encourages users to select weak passwords as their primary challenge, and many secondary challenges are less than "secure."

Why isn't Google directly notifying those individuals whose information was obtained? They obviously have the list of them. Seems like this would go a long way to helping those who were actually compromised. Instead they are shoosing to generate more heat than light by alarming their entire community that "something bad has happened."

So, after going back and reading the article, it appears that Google had little to nothing to do with this "hack." Apologies for implicating them. Note that, MFA would have done nothing to interrupt this attack vector, but may be useful going forward to reduce the effects of the compromise. So the lesson is not to simply use MFA on Google sites, but everywhere you have the option to do so.

quote:

How does the average person learn and understand even the reason(s) for it, much less how to make use of it?

Applies to everything in life more involved than sucking a tit.
Somethings are instinct, and most things are learned.
Everyone is born with that ability, most beyond that requires the desire to learn and do.


Learning takes effort, more for some, less than others.

Get on about learning, or live with the burden of not carrying knowledge.

Funny thing knowledge. For all one learns, carrying it around costs nothing, you can share or give all of it to as many as you want, and still have every bit of it with you no matter where you go.

Expecting someone else to fix everything or anything, simply because they can is a high level of chutzpah.

I spent a long life in careers where I did a lot of "preventing/guarding" for a great many things, and what I realized, was the more I did to try an be "helpful", created more expectation of my being "responsible" for other's area of personal responsibility.


Accuse me virtual signaling as my motive, does not make it a truth.

quote:

Originally posted by sigmonkey:

Somethings are instinct, and most things are learned.
...Everyone is born with that ability, most beyond that requires the desire to learn and do...

Even Albert Einstein didn't know it's a good idea to wear socks and not screw his cousin. I think he also had problems with Quantum theory.

As important as the desire to learn is, knowing what to learn is key. We can't solve a problem if we don't know it exists.

While I didn't categorize someone as a moron, I do understand that my post may have offended some. To them, I am sorry that you were offended (in my bestest busted pro-athlete voice....)

Perhaps too curt, but I did also say "probably"!

You saved yourself with that "probably". That's why I didn't call you out.

The "moron" thing from FenderBender, OTOH,...

Yeah, re-reading it, I think he was joking, and I apologize for including him in my first post.

Sorry, man!