Home › Forums › Administration & Support › Website: Bug Reports, Feature Requests, Known Issues, and Changelog › Google is reporting password data breach – what does this mean?
Oct 14, 2020 at 6:51 am #3679631Geoff CaplanBPL Member
@geoffcaplanLocale: Lake District, Cumbria
The password manager in Google Chrome is reporting that my BPL password was compromised a few days ago.
I don’t know how accurate Google is with these alerts, but it surely warrants serious investigation.
Please report back to the community.Oct 14, 2020 at 6:55 am #3679632matthew kModerator
Thanks for the heads-up. It only takes a moment to update a password so I just did that out of an abundance of caution.Oct 14, 2020 at 8:08 am #3679639
I get that on a number of websites
But, if someone stole my password and they were able to read BPL articles it wouldn’t bother me. And no one would steal passwords and sell them to anyone. “Look, for $5 I’ll sell you a BPL password so you can post comments on their forum”.
If someone stole my bank password I’d change it. If I have a bank password : )Oct 14, 2020 at 8:11 am #3679641
I’m also getting emails “from ebay” that my password has been violated, and a convenient link to click on to change my password. I clicked the “spam” button.Oct 14, 2020 at 8:52 am #3679650Ryan JordanAdmin
@ryanLocale: Central Rockies
Here’s some info on what this actually means:
General guidelines to keep your account safe:
- Use complex passwords 12-18 characters that mix numbers, letters, case, and symbols with no guessable words in them, and use a password manager to secure them.
- Be very wary of unsecured public WiFi hotspots. It’s very easy to sniff passwords like this, and it’s becoming quite common.
- Don’t use the same password twice. Unique password at each site.
BPL forces strict SSL standards but we can’t control the strength of your password or user behavior – Geoff – not suggesting at all this is your fault. Users getting their passwords stolen by bad actors monitoring public internet traffic, or through bad site security measures is unfortunately all too common.
We block several hundred thousand malicious attacks at BPL alone each month. It requires expensive, enterprise-grade software to keep our site secure. However, that doesn’t prevent brute-force password-guessing attacks here, so a warning to those of you who have their accounts secured by simple passwords, or if you are using the same password here as you do elsewhere.
What likely happened is that your username and password combo was stolen or guessed, sold in a database, the database became public, and it made its way into one of the centralized stolen password archives that are available to security companies used by Google and others to identify security breaches.Oct 14, 2020 at 9:11 am #3679652Dan YBPL Member
I’ll no longer log in….just read only. Problem solved :-)Oct 14, 2020 at 10:15 am #3679659Todd TBPL Member
@texasbbLocale: Pacific Northwest
But, if someone stole my password and they were able to read BPL articles it wouldn’t bother me.
Well if I ever snag your password, Jerry, I’m gonna say things (as you) that make you sound like a newbie hiker who takes selfies and leaves traces. :-)Oct 14, 2020 at 10:42 am #3679665
Then I can blame anything stupid I say on you : )Oct 14, 2020 at 11:10 am #3679667
- You must be logged in to reply to this topic.