Google notice- Bogleheads password exposed in data breach

Topic Author
protagonist
Posts: 9629
Joined: Sun Dec 26, 2010 11:47 am

Google notice- Bogleheads password exposed in data breach

Post by protagonist »

When I logged into Bogleheads today, I got a notice from Google that my password was exposed in a data breach, and that I should change it immediately (which I did). It was different than all my other passwords. I have not received that notice when I logged into other sites.

I thought I should notify the community, in case others experience the same thing here. It was probably just me, but I am concerned that it could be the site.

Have you received a notice like this?

Were there any consequences?
bogleVol
Posts: 12
Joined: Sun Sep 06, 2020 12:26 pm

Re: Google notice- Bogleheads password exposed in data breach

Post by bogleVol »

Just logged in about 30 minutes ago: 9a EST.
No notice of breach.
Cheers! :sharebeer
50/50
Posts: 182
Joined: Wed Mar 13, 2019 9:16 am

Re: Google notice- Bogleheads password exposed in data breach

Post by 50/50 »

No notices with my login this morning.
Thou shalt take no risks that thou needest not take. Seek wisdom not knowledge. Knowledge is of the past; wisdom is of the future.
techbud
Posts: 295
Joined: Thu Dec 22, 2022 6:52 am

Re: Google notice- Bogleheads password exposed in data breach

Post by techbud »

protagonist wrote: Wed Sep 04, 2024 8:25 am When I logged into Bogleheads today, I got a notice from Google that my password was exposed in a data breach, and that I should change it immediately (which I did). It was different than all my other passwords. I have not received that notice when I logged into other sites.

I thought I should notify the community, in case others experience the same thing here. It was probably just me, but I am concerned that it could be the site.

Have you received a notice like this?

Were there any consequences?
Hmm, it's not clear to me how Google (the search engine and internet/cloud company) was aware of what password you use at Bogleheads. Was it Chrome (your web browser, which is made by Google) that alerted you?
Do you use Chrome's password manager? And are you sure that you've never used this password elsewhere? Because from what you described, it sounds like Chrome was alerting you that this password was used elsewhere, and that it was exposed in a data breach.
sycamore
Posts: 6860
Joined: Tue May 08, 2018 12:06 pm

Re: Google notice- Bogleheads password exposed in data breach

Post by sycamore »

techbud wrote: Wed Sep 04, 2024 8:51 am
protagonist wrote: Wed Sep 04, 2024 8:25 am
...And are you sure that you've never used this password elsewhere? Because from what you described, it sounds like Chrome was alerting you that this password was used elsewhere, and that it was exposed in a data breach.
^^ this would be my first hunch as well.

I've received no notice of any such breach.
Clever_Username
Posts: 2124
Joined: Sun Jul 15, 2012 12:24 am
Location: California

Re: Google notice- Bogleheads password exposed in data breach

Post by Clever_Username »

I didn't receive the notice, but I'm on a personal computer on which I stay logged in. I'm also fairly certain my password at BH is only used here.
"What was true then is true now. Have a plan. Stick to it." -- XXXX, _Layer Cake_ | | I survived my first downturn and all I got was this signature line.
mark_in_denver
Posts: 595
Joined: Thu Feb 26, 2015 7:36 pm

Re: Google notice- Bogleheads password exposed in data breach

Post by mark_in_denver »

Password exposed or the hash? Big difference.
Afty
Posts: 2457
Joined: Sun Sep 07, 2014 5:31 pm

Re: Google notice- Bogleheads password exposed in data breach

Post by Afty »

Chrome's password manager does this; it's a feature called Password Checkup: https://blog.google/technology/safety-s ... d-checkup/. It compares your stored passwords against known compromised passwords and alerts you if any of them are found.

This is a good example of why it's so important to use a unique password per site. You can change your Bogleheads password and move on with your life, with no worries that any other sites are at risk.
Tabulator
Posts: 417
Joined: Sat Mar 31, 2012 4:03 pm

Re: Google notice- Bogleheads password exposed in data breach

Post by Tabulator »

Is it possible to determine whether this particular breach involved the host used by Bogleheads?
EdNorton
Posts: 708
Joined: Wed Jan 02, 2019 10:11 am

Re: Google notice- Bogleheads password exposed in data breach

Post by EdNorton »

I would not lose any sleep over my Bogleheads password being exposed.
:sharebeer
Outside a dog, a book is man's best friend, inside a dog, it's too dark to read - Groucho
Normchad
Posts: 6313
Joined: Thu Mar 03, 2011 6:20 am

Re: Google notice- Bogleheads password exposed in data breach

Post by Normchad »

EdNorton wrote: Wed Sep 04, 2024 1:45 pm I would not lose any sleep over my Bogleheads password being exposed.
:sharebeer
For real. Heaven help me if somebody impersonates me on here…….
SmileyFace
Posts: 10003
Joined: Wed Feb 19, 2014 9:11 am

Re: Google notice- Bogleheads password exposed in data breach

Post by SmileyFace »

Maybe you used that password somewhere else in the distant past that was compromised?
If someone gets into my account I suppose they can yell and scream at folks and get me kicked off. Not much real harm would come from it.
Normchad
Posts: 6313
Joined: Thu Mar 03, 2011 6:20 am

Re: Google notice- Bogleheads password exposed in data breach

Post by Normchad »

I use mainly Apple stuff. So I just went into and looked. Lo and behold I have *57* compromised passwords.

I checked a few of them, and some of them are very trivial. And some of them are not. Every site wants you to have an account now, and I do have a default trivial password that I use in a lot of places.

Anyway, I’m ignoring it…..
student
Posts: 11475
Joined: Fri Apr 03, 2015 6:58 am

Re: Google notice- Bogleheads password exposed in data breach

Post by student »

No notice.
the_wiki
Posts: 3687
Joined: Thu Jul 28, 2022 11:14 am

Re: Google notice- Bogleheads password exposed in data breach

Post by the_wiki »

It doesn't necessarily mean YOUR account was exposed. It means that the password you use is not unique to you and it's on a common password list and may be used in brute force attempts.

That said, what are the personal risks of having your forum account compromised?
bmdack
Posts: 6
Joined: Sun Apr 14, 2013 10:04 am

Re: Google notice- Bogleheads password exposed in data breach

Post by bmdack »

I did not get that message.
Topic Author
protagonist
Posts: 9629
Joined: Sun Dec 26, 2010 11:47 am

Re: Google notice- Bogleheads password exposed in data breach

Post by protagonist »

techbud wrote: Wed Sep 04, 2024 8:51 am
protagonist wrote: Wed Sep 04, 2024 8:25 am When I logged into Bogleheads today, I got a notice from Google that my password was exposed in a data breach, and that I should change it immediately (which I did). It was different than all my other passwords. I have not received that notice when I logged into other sites.

I thought I should notify the community, in case others experience the same thing here. It was probably just me, but I am concerned that it could be the site.

Have you received a notice like this?

Were there any consequences?
Hmm, it's not clear to me how Google (the search engine and internet/cloud company) was aware of what password you use at Bogleheads. Was it Chrome (your web browser, which is made by Google) that alerted you?
Yes, sorry....Chrome.
Do you use Chrome's password manager?
I use Keepass.
And are you sure that you've never used this password elsewhere?
I probably have. Though I generally use different passwords for every site that requires one, my Bogleheads password was a simple one that I never changed (until now) since I joined Bogleheads in 2010. I didn't change it because Bogleheads is, to me, such a "low risk" site...if somebody impersonated me on Bogleheads or stole that password I wouldn't really care. I definitely don't use it for anything even slightly potentially critical. It's not like if somebody got my password to get into a bank account, for example. And no, it wasn't something stupid like "password1" or my birthday.
Because from what you described, it sounds like Chrome was alerting you that this password was used elsewhere, and that it was exposed in a data breach.
The following is a link to the message from somebody else who received it, and somebody's (Google's) response: https://support.google.com/chrome/threa ... word?hl=en
nisiprius
Advisory Board
Posts: 53589
Joined: Thu Jul 26, 2007 9:33 am
Location: The terrestrial, globular, planetary hunk of matter, flattened at the poles, is my abode.--O. Henry

Re: Google notice- Bogleheads password exposed in data breach

Post by nisiprius »

I just tried, using Chrome, in which at some point I had stored my Bogleheads' forum password, and got no warning.
Annual income twenty pounds, annual expenditure nineteen nineteen and six, result happiness; Annual income twenty pounds, annual expenditure twenty pounds ought and six, result misery.
oldcomputerguy
Moderator
Posts: 18804
Joined: Sun Nov 22, 2015 5:50 am
Location: Tennessee

Re: Google notice- Bogleheads password exposed in data breach

Post by oldcomputerguy »

I have a very long, complex password for the forum, which I store in the Chrome password manager. Like Nisiprius, I just logged out and back in, and got no warning. The password I use for Bogleheads.org is not used anywhere else.
There is only one success - to be able to spend your life in your own way. (Christopher Morley)
LadyGeek
Site Admin
Posts: 98611
Joined: Sat Dec 20, 2008 4:34 pm
Location: Philadelphia

Re: Google notice- Bogleheads password exposed in data breach

Post by LadyGeek »

This thread is now in the Forum Issues and Administration forum (password).

To be clear, the breach is within passwords saved in your browser. It has nothing to do with the security of this website. See: “Some of your saved passwords were found in a data breach…” Is the Google Notification Legit? | Trend Micro News

I use bitwarden for my password manager and never, ever, use my browser to store passwords.

(Thanks to the member who reported the post and explained what's wrong.)
Wiki To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.
Dottie57
Posts: 12975
Joined: Thu May 19, 2016 5:43 pm
Location: U.S.

Re: Google notice- Bogleheads password exposed in data breach

Post by Dottie57 »

Clever_Username wrote: Wed Sep 04, 2024 11:40 am I didn't receive the notice, but I'm on a personal computer on which I stay logged in. I'm also fairly certain my password at BH is only used here.
+1. My password is unique here. I only use my iPad to enter here. Use the password mgr from Apple.
Tdubs
Posts: 1880
Joined: Tue Apr 24, 2018 7:50 pm

Re: Google notice- Bogleheads password exposed in data breach

Post by Tdubs »

So all the FBI needs to do is find the hacker with a lazy portfolio.
Dottie57
Posts: 12975
Joined: Thu May 19, 2016 5:43 pm
Location: U.S.

Re: Google notice- Bogleheads password exposed in data breach

Post by Dottie57 »

Normchad wrote: Wed Sep 04, 2024 2:03 pm I use mainly Apple stuff. So I just went into and looked. Lo and behold I have *57* compromised passwords.

I checked a few of them, and some of them are very trivial. And some of them are not. Every site wants you to have an account now, and I do have a default trivial password that I use in a lot of places.

Anyway, I’m ignoring it…..
I have Apple stuff too. I’ve rectified the few passwords that were compromised.
MadHungarian
Posts: 478
Joined: Tue Jan 02, 2018 3:53 pm

Re: Google notice- Bogleheads password exposed in data breach

Post by MadHungarian »

Can I blame any posts that the moderators don't like, on my bogleheads account getting hacked?
Northern Flicker
Posts: 16421
Joined: Fri Apr 10, 2015 12:29 am

Re: Google notice- Bogleheads password exposed in data breach

Post by Northern Flicker »

I think it most likely means that the string you are using for your BH password was a password string that was part of a breach somewhere, not that your BH password was breached. You should be using passwords that are randomly generated by a password safe.
LadyGeek
Site Admin
Posts: 98611
Joined: Sat Dec 20, 2008 4:34 pm
Location: Philadelphia

Re: Google notice- Bogleheads password exposed in data breach

Post by LadyGeek »

MadHungarian wrote: Thu Sep 05, 2024 1:03 am Can I blame any posts that the moderators don't like, on my bogleheads account getting hacked?
:D
Wiki To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.
Afty
Posts: 2457
Joined: Sun Sep 07, 2014 5:31 pm

Re: Google notice- Bogleheads password exposed in data breach

Post by Afty »

Northern Flicker wrote: Thu Sep 05, 2024 3:00 am I think it most likely means that the string you are using for your BH password was a password string that was part of a breach somewhere, not that your BH password was breached. You should be using passwords that are randomly generated by a password safe.
That seems unlikely to me. Most non-random passwords are going to be reused by someone, somewhere. If this was the case, then you'd get false positives all the time. I think it's more likely OP reused their BH password somewhere that got compromised.
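
The two matching policies debated above (password string alone versus username and password pair), as an added example that is not part of the thread and not Chrome's or Google's code. The breach list and vault are constructed, the names `check_vault`, `BREACH_DUMP` and `VAULT` are hypothetical, and plain SHA-256 is an assumption standing in for whatever hashing a real checker uses.

```python
import hashlib


def digest(*parts):
    """SHA-256 over length-prefixed parts, so ("ab", "c") != ("a", "bc")."""
    h = hashlib.sha256()
    for part in parts:
        data = part.encode("utf-8")
        h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()


# Constructed sample: credentials leaked from some unrelated site.
BREACH_DUMP = [
    ("alice@example.com", "Tr0ub4dor&3"),
    ("bob@example.com", "sunshine2010"),
]

# Constructed sample: logins saved in a password manager (site, user, password).
VAULT = [
    ("forum.example", "bob@example.com", "sunshine2010"),    # reused leaked login
    ("shop.example", "carol@example.com", "sunshine2010"),   # same string, other user
    ("bank.example", "bob@example.com", "xK9#vQ2m!LpW7rTz"), # random, never leaked
]


def build_index(dump):
    """Hash the dump two ways: by password alone and by (username, password)."""
    by_password = {digest(pw) for _, pw in dump}
    by_pair = {digest(user.lower(), pw) for user, pw in dump}
    return by_password, by_pair


def check_vault(vault, dump):
    """Return {site: (password_only_hit, pair_hit)} for every saved login."""
    by_password, by_pair = build_index(dump)
    report = {}
    for site, user, pw in vault:
        report[site] = (
            digest(pw) in by_password,            # flags anyone sharing the string
            digest(user.lower(), pw) in by_pair,  # flags only the leaked credential
        )
    return report


if __name__ == "__main__":
    for site, (pw_hit, pair_hit) in check_vault(VAULT, BREACH_DUMP).items():
        print(f"{site:15} password-only={pw_hit!s:5} pair={pair_hit}")
```

Only `forum.example` is a pair hit; `shop.example` matches on the password string alone, which is the false-positive case raised in the post above.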
Topic Author
protagonist
Posts: 9629
Joined: Sun Dec 26, 2010 11:47 am

Re: Google notice- Bogleheads password exposed in data breach

Post by protagonist »

LadyGeek wrote: Wed Sep 04, 2024 6:06 pm
To be clear, the breach is within passwords saved in your browser. It has nothing to do with the security of this website. See: “Some of your saved passwords were found in a data breach…” Is the Google Notification Legit? | Trend Micro News

I use bitwarden for my password manager and never, ever, use my browser to store passwords.

(Thanks to the member who reported the post and explained what's wrong.)
I think you are right, that it is not associated with the site's security.
However, it is not "within passwords saved in your browser". I don't have ANY passwords saved in my browser. I use Keepass, which may be similar to the one you use, bitwarden, I don't know.