Google notice- Bogleheads password exposed in data breach
-
- Posts: 9629
- Joined: Sun Dec 26, 2010 11:47 am
Google notice- Bogleheads password exposed in data breach
When I logged into Bogleheads today, I got a notice from Google that my password was exposed in a data breach, and that I should change it immediately (which I did). It was different than all my other passwords. I have not received that notice when I logged into other sites.
I thought I should notify the community, in case others experience the same thing here. It was probably just me, but I am concerned that it could be the site.
Have you received a notice like this?
Were there any consequences?
I thought I should notify the community, in case others experience the same thing here. It was probably just me, but I am concerned that it could be the site.
Have you received a notice like this?
Were there any consequences?
Re: Google notice- Bogleheads password exposed in data breach
Just logged in about 30 minutes ago: 9a EST.
No notice of breach.
Cheers!
No notice of breach.
Cheers!
Re: Google notice- Bogleheads password exposed in data breach
No notices with my login this morning.
Thou shalt take no risks that thou needest not take. Seek wisdom not knowledge. Knowledge is of the past; wisdom is of the future.
Re: Google notice- Bogleheads password exposed in data breach
Hmm, it's not clear to me how Google (the search engine and internet/cloud company) was aware of what password you use at Bogleheads. Was it Chrome (your web browser, which is made by Google) that alerted you?protagonist wrote: ↑Wed Sep 04, 2024 8:25 am When I logged into Bogleheads today, I got a notice from Google that my password was exposed in a data breach, and that I should change it immediately (which I did). It was different than all my other passwords. I have not received that notice when I logged into other sites.
I thought I should notify the community, in case others experience the same thing here. It was probably just me, but I am concerned that it could be the site.
Have you received a notice like this?
Were there any consequences?
Do you use Chrome's password manager? And are you sure that you've never used this password elsewhere? Because from what you described, it sound like Chrome was alerting you that this password was used elsewhere, and that it was exposed in a data breach.
Re: Google notice- Bogleheads password exposed in data breach
^^ this would be my first hunch as well.
I've received no notice of any such breach.
- Clever_Username
- Posts: 2124
- Joined: Sun Jul 15, 2012 12:24 am
- Location: California
Re: Google notice- Bogleheads password exposed in data breach
I didn't receive the notice, but I'm on a personal computer on which I stay logged in. I'm also fairly certain my password at BH is only used here.
"What was true then is true now. Have a plan. Stick to it." -- XXXX, _Layer Cake_ |
|
I survived my first downturn and all I got was this signature line.
-
- Posts: 595
- Joined: Thu Feb 26, 2015 7:36 pm
Re: Google notice- Bogleheads password exposed in data breach
Password exposed or the hash? Big difference.
Re: Google notice- Bogleheads password exposed in data breach
Chrome's password manager does this, it's a feature called Password Checkup: https://blog.google/technology/safety-s ... d-checkup/. It compares your stored passwords against known compromised passwords and alerts you if any of them are found.
This is a good example of why it's so important to use a unique password per site. You can change your Bogleheads password and move on with your life, with no worries that any other sites are at risk.
This is a good example of why it's so important to use a unique password per site. You can change your Bogleheads password and move on with your life, with no worries that any other sites are at risk.
Re: Google notice- Bogleheads password exposed in data breach
Is it possible to determine whether this particular breach involved the host used by Bogleheads?
Re: Google notice- Bogleheads password exposed in data breach
I would not lose any sleep over my Bogleheads password being exposed.
Outside a dog, a book is man's best friend, inside a dog, it's too dark to read - Groucho
- SmileyFace
- Posts: 10003
- Joined: Wed Feb 19, 2014 9:11 am
Re: Google notice- Bogleheads password exposed in data breach
Maybe you used that password somewhere else in the distant past that was compromised?
If someone gets into my account I suppose they can yell and scream at folks and get me kicked off. Not much real harm would come from it.
If someone gets into my account I suppose they can yell and scream at folks and get me kicked off. Not much real harm would come from it.
Re: Google notice- Bogleheads password exposed in data breach
I use mainly apple stuff. So'i just went into and looked. Lo and behold I have *57* compromised passwords.
I checked a few of them, and some of them ate very trivial. And some of them are not. Every site wants you to have an account now, and I do have a default trivial password that I use in a lot of places.
Anyway, I’m ignoring it…..
I checked a few of them, and some of them ate very trivial. And some of them are not. Every site wants you to have an account now, and I do have a default trivial password that I use in a lot of places.
Anyway, I’m ignoring it…..
Re: Google notice- Bogleheads password exposed in data breach
It doesn't necessarily mean YOUR account was exposed. It means that the password you use is not unique to you and it's on a common password list and may be used in brute force attempts.
That said, what are the personal risks of having your forum account compromised?
That said, what are the personal risks of having your forum account compromised?
Re: Google notice- Bogleheads password exposed in data breach
I did not get that message.
-
- Posts: 9629
- Joined: Sun Dec 26, 2010 11:47 am
Re: Google notice- Bogleheads password exposed in data breach
Yes, sorry....Chrome.techbud wrote: ↑Wed Sep 04, 2024 8:51 amHmm, it's not clear to me how Google (the search engine and internet/cloud company) was aware of what password you use at Bogleheads. Was it Chrome (your web browser, which is made by Google) that alerted you?protagonist wrote: ↑Wed Sep 04, 2024 8:25 am When I logged into Bogleheads today, I got a notice from Google that my password was exposed in a data breach, and that I should change it immediately (which I did). It was different than all my other passwords. I have not received that notice when I logged into other sites.
I thought I should notify the community, in case others experience the same thing here. It was probably just me, but I am concerned that it could be the site.
Have you received a notice like this?
Were there any consequences?
I use Keepass.Do you use Chrome's password manager?
I probably have. Though I generally use different passwords for every site that requires one, my Bogleheads password was a simple one that I never changed (until now) since I joined Bogleheads in 2010. I didn't change it because Bogleheads is , to me, such a "low risk" site...if somebody impersonated me on Bogleheads or stole that password I wouldn't really care. I definitely don't use it for anything even slightly potentially critical. It's not like if somebody got my password to get into a bank account, for example. And no, it wasn't something stupid like "password1" or my birthday.And are you sure that you've never used this password elsewhere?
The following is a link to the message from somebody else who received it, and somebody's (Google's) response: https://support.google.com/chrome/threa ... word?hl=enBecause from what you described, it sound like Chrome was alerting you that this password was used elsewhere, and that it was exposed in a data breach.
- nisiprius
- Advisory Board
- Posts: 53589
- Joined: Thu Jul 26, 2007 9:33 am
- Location: The terrestrial, globular, planetary hunk of matter, flattened at the poles, is my abode.--O. Henry
Re: Google notice- Bogleheads password exposed in data breach
I just tried, using Chrome, in which at some point I had stored my Bogleheads' forum password, and got no warning.
Annual income twenty pounds, annual expenditure nineteen nineteen and six, result happiness; Annual income twenty pounds, annual expenditure twenty pounds ought and six, result misery.
- oldcomputerguy
- Moderator
- Posts: 18804
- Joined: Sun Nov 22, 2015 5:50 am
- Location: Tennessee
Re: Google notice- Bogleheads password exposed in data breach
I have a very long, complex password for the forum, which I store in the Chrome password manager. Like Nisiprius, I just logged out and back in, and got no warning. The password I use for Bogleheads.org is not used anywhere else.
There is only one success - to be able to spend your life in your own way. (Christopher Morley)
Re: Google notice- Bogleheads password exposed in data breach
This thread is now in the Forum Issues and Administration forum (password).
To be clear, the breach is within passwords saved in your browser. It has nothing to do with the security of this website. See: “Some of your saved passwords were found in a data breach…” Is the Google Notification Legit? | Trend Micro News
I use bitwarden for my password manager and never, ever, use my browser to store passwords.
(Thanks to the member who reported the post and explained what's wrong.)
To be clear, the breach is within passwords saved in your browser. It has nothing to do with the security of this website. See: “Some of your saved passwords were found in a data breach…” Is the Google Notification Legit? | Trend Micro News
I use bitwarden for my password manager and never, ever, use my browser to store passwords.
(Thanks to the member who reported the post and explained what's wrong.)
Re: Google notice- Bogleheads password exposed in data breach
+1. My pass word is unique here. I nly use my ipad to enter here. Use the password mgr from Apple.Clever_Username wrote: ↑Wed Sep 04, 2024 11:40 am I didn't receive the notice, but I'm on a personal computer on which I stay logged in. I'm also fairly certain my password at BH is only used here.
Re: Google notice- Bogleheads password exposed in data breach
So all the FBI needs to do is find the hacker with a lazy portfolio.
Re: Google notice- Bogleheads password exposed in data breach
I have apple stuff to. I’ve rectified the few passwords that were compromised.Normchad wrote: ↑Wed Sep 04, 2024 2:03 pm I use mainly apple stuff. So'i just went into and looked. Lo and behold I have *57* compromised passwords.
I checked a few of them, and some of them ate very trivial. And some of them are not. Every site wants you to have an account now, and I do have a default trivial password that I use in a lot of places.
Anyway, I’m ignoring it…..
-
- Posts: 478
- Joined: Tue Jan 02, 2018 3:53 pm
Re: Google notice- Bogleheads password exposed in data breach
Can i blame any posts that the moderators don't like, on my bogleheads account getting hacked?
-
- Posts: 16421
- Joined: Fri Apr 10, 2015 12:29 am
Re: Google notice- Bogleheads password exposed in data breach
I think it most likely means that the string you are using for your BH password was a password string that was part of a breach somewhere, not that your BH password was breached. You should be using passwords that are randomly generated by a password safe.
Re: Google notice- Bogleheads password exposed in data breach
MadHungarian wrote: ↑Thu Sep 05, 2024 1:03 am Can i blame any posts that the moderators don't like, on my bogleheads account getting hacked?
Re: Google notice- Bogleheads password exposed in data breach
That seems unlikely to me. Most non-random passwords are going to be reused by someone, somewhere. If this was the case, then you'd get false positives all the time. I think it's more likely OP reused their BH password somewhere that got compromised.Northern Flicker wrote: ↑Thu Sep 05, 2024 3:00 am I think it most likely means that the string you are using for your BH password was a password string that was part of a breach somewhere, not that your BH password was breached. You should be using passwords that are randomly generated by a password safe.
-
- Posts: 9629
- Joined: Sun Dec 26, 2010 11:47 am
Re: Google notice- Bogleheads password exposed in data breach
I think you are right, that it is not associated with the site's security.LadyGeek wrote: ↑Wed Sep 04, 2024 6:06 pm
To be clear, the breach is within passwords saved in your browser. It has nothing to do with the security of this website. See: “Some of your saved passwords were found in a data breach…” Is the Google Notification Legit? | Trend Micro News
I use bitwarden for my password manager and never, ever, use my browser to store passwords.
(Thanks to the member who reported the post and explained what's wrong.)
However, it is not "within passwords saved in your browser". I don't have ANY passwords saved in my browser. I use Keepass, which may be similar to the one you use, bitwarden, I don't know.