Jump to content
Sign in to follow this  
Ruby Eyes

Have your credentials been snooped?

Recommended Posts

So I found the email address  that I'm using for dragcave.net (and dragcave ONLY, not even for the forums) here: https://haveibeenpwned.com/

Unsurprising, since I also recently received some wannabe blackmail spam with that email address AND my old password (has been changed a while ago). The sender wants bitcoins for a video that cannot possibly exist - how do they hack a webcam if the computer has none? XD

 

Looks like another game's account has been leaked for me as well, also last.fm. Luckily, neither my work nor my payment addresses are compromised. So far, knock on wood.

 

Do you find yourself in there?

Share this post


Link to post

Curses. My main email address is listed as "pwned" because of Tumblr and Patreon (which I already knew, and changed the passwords years ago), but apparently it's also in the new thing they call "Collection #1" - and there is no way to find out which of my passwords is in that list? (Except for trying to remember all the passwords I've ever used and entering them individually on their password search page...)

Share this post


Link to post

Yeah - there seems no way to check. But my MAIN address is safe - I don't use it for ANYWHERE important - just for email !

Share this post


Link to post
1 hour ago, Confused Cat said:

the new thing they call "Collection #1"

Its contents are not really that new, I think. It's just a collection from various sources of stuff gathered through the years.

Basically, just change your password everywhere where you use that address, including the email account itself *shrugs*

Share this post


Link to post

that's weird that your dc-only email's been flagged - i've asked my sisters and of the 4 of us, only one email address has been breached (which is an email she uses for everything, so...).  i also use my email for pretty much everything and it hasn't been flagged up or anything.

Share this post


Link to post
30 minutes ago, ----- said:

that's weird that your dc-only email's been flagged - i've asked my sisters and of the 4 of us, only one email address has been breached (which is an email she uses for everything, so...).  i also use my email for pretty much everything and it hasn't been flagged up or anything.

You joined last year, right? I suspect it's similar with your sisters. Your passwords may simply have NOT YET existed back when my data was stolen.

Share this post


Link to post
1 minute ago, Ruby Eyes said:

You joined last year, right? I suspect it's similar with your sisters. Your passwords may simply have NOT YET existed back when my data was stolen.

ah yeah, i joined back in october. but my sisters joined much earlier - according to their scroll dates, one joined back in 2009, another joined in may 2011, and another joined in nov 2011. the 2nd person was the only one to have her email 'pwned'.

Share this post


Link to post

And the others didn't change their email address for DC within the past 2-3 years? Just wondering :)

Share this post


Link to post

sister from 2009 is out rn but the other two say they've used the same emails since they started playing. so i have no idea why yours is different, but either way we all plan to change/improve our passwords.

Share this post


Link to post

I already messaged TJ about this the other day. I got the same email Ruby did, and decided I should check in on it  I'm not about to share the contents of the messages, but basically:

 

The leak isn't new. The information they have on me is from at least a few years ago.

Both the site and the forum currently have adequate security, and they're using the current best encryption method.

He pointed me to This forum post, which I'd missed at the time, but it certainly seems to line up with the timeframe.

TJ himself can't find his dragcave information in the pwned database, but I know that my old dc-forum-only password, along with at least a few friends', appears 4 times in the database. It looks like some portion (but not all of) the forum data was pwned. I imagine it has been doing the rounds for a while, but that it's recently resurfaced- hence the influx of blackemails.

 

As Mentioned above, you can check https://haveibeenpwned.com/ to see if your email was on a breached site.

 

There's also another page,  https://haveibeenpwned.com/passwords , which allows you to test any individual passwords. 

 

 

Edited by dracocharky

Share this post


Link to post
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.