• Now's your chance win big! Join our community and get entered to win a RTX 2060 GPU, plus more! Join here.

    Pi Cast Episode 3 streams live on Tuesday, August 4th at 2:30 pm ET (7:30 PM BST). Watch live right here!

    Catch Scharon on the Tom's Hardware Show live on Thursday, August 6th at 2:00 pm ET (7:00 PM BST). Click here!

Site Breach - CREDITKARMA.COM also Breached @ Same Time

xkeyscore89

Honorable
Feb 27, 2015
7
0
10,510
0
EDIT: CREDITKARMA.COM ALSO BREACHED within last 24 hours, sorry I didn't see the sticky about security vulnerabilities until I posted this
Just got a notification from google that this site was breached and my password and email were compromised. I just noticed this feature on Chrome's settings and it wll automatically check stored passwords against known data breaches. I had a few but I'm letting sites know that I care about that this happened in case the admins or users are not aware.

EVERYONE CHANGE YOUR PASSWORD......TOM'S HARDWARE PLEASE GET YOUR OUTSOURCED IT TEAM ON THIS IMMEDIATELY, IF THIS IS MANAGED IN-HOUSE, YOU NEED TO CHECK LOGS AND RUN PENETRATION TESTING TO FIGURE OUT HOW HE GOT IN.
 

rgd1101

Titan
Moderator
Just got a notification from google that this site was breached and my password and email were compromised. I just noticed this feature on Chrome's settings and it wll automatically check stored passwords against known data breaches. I had a few but I'm letting sites know that I care about that this happened in case the admins or users are not aware.
didn't find anything. Maybe you are the one who got hacked?
 

popatim

Titan
Moderator
It came from Chrome and is part of Google's Safe Browsing feature.
https://support.google.com/chrome/thread/23534509?hl=en

We haven't been hacked that I know of.

@xkeyscore89 the Username & Password combo you used on this site was found as a match in some previous data breach. This means YOU need to change your passwords. It does not mean this site was hacked. This feature ONLY checks the username/pw combo that was used against the list of known 'breached' combos and your's scored a hit. It doesn't even mean it was your account, just that the same ID & PW was used, and breached , somewhere on the net.
 
Reactions: rgd1101

rubix_1011

Contributing Writer
Moderator
It came from Chrome and is part of Google's Safe Browsing feature.
https://support.google.com/chrome/thread/23534509?hl=en

We haven't been hacked that I know of.

@xkeyscore89 the Username & Password combo you used on this site was found as a match in some previous data breach. This means YOU need to change your passwords. It does not mean this site was hacked. This feature ONLY checks the username/pw combo that was used against the list of known 'breached' combos and your's scored a hit. It doesn't even mean it was your account, just that the same ID & PW was used, and breached , somewhere on the net.

Yep, correct.

It isn't necessarily the SITE which has the issue, it is YOU (the person) who has the potential breach issue either by username or PW or both.

For example, if you use the combo of 'admin/password123' this is going to flag on a lot of sites, but does not mean the site you used it on was compromised, it means the use of either user, password or the combination of each has been used by you - the user - and you should defnitely change your PW to something strong.
 

ASK THE COMMUNITY

TRENDING THREADS