Yesterday at 11pm I had a Facebook alert saying someone from Hungary tried to log into my account. Today at 3pm thee same again but twitter.
My password is fairly strong, symbols and numbers, mixed caps. 16 characters long.
Do these warnings mean they successfully logged in and it flagged as unknow geoip location, oor they just attempted with say, my phone number or email?
Twitter and Facebook share a password with some social forums I use, hence concern.
>>54375867
>sharing passwords between sites
u dun goofed
>>54375867
You use same password on multiple account - there is your problem. Some site lost its database and now its either free to get or for sale to people who use it with their login bots.
>>54375902
I mean only about 6/7 different places share this one. It's difficult to keep track of them all so I have passwords grouped between site/app genres.
Anyway the question is did it flag on email alone or password being correct?
>>54375917
>only about 6/7 different places share this one
>>54375934
The warnings only say someone tried to log in, but change all your passwords anyway.
>>54375917
> only about 6/7
> only
> 6/7
>>54375917
>I mean only about 6/7 different places share this one
I probably have accounts on around 50 forums of which I actively post among ~15.
Linkedin, twitter, Facebook, crunchy roll, steam, banks, maybe 15 ecommerce sites. I mean I probably have around 60/70 active and regular use accounts with about 20 passwords spread amongst them...
I'd consider that reasonably good going but I don't have an elephants memory...
I might write some key chain like software for myself...
I tracked it back to a hash dump posted on siph0n...
Just curious. What's your password anyways?
I got a few of these about two weeks ago on Facebook, one from Hungary and another from Czech Republic. I use LastPass for tracking passwords which are all randomly generated for each new account so I was fine. Out of interest I searched my details and found it was in a login dump for ComicBookDB from 2014 with an old password.
Change all passwords, use mutli tiered password manager, change passwords every day for a week, then every week for a month, then every month, install anti malware everything's, burn computer
Op here, home from work but yea it was a tek syndicate account dump with hashes. I haven't logged in since around 2012 and none of my currently used passwords let me log in. So should be aight.
Will change all of them anyway and find a password manager.
>>54375917
you should have different genre of sites that use the same pass, not same..
>>54375867
>Do these warnings mean they successfully logged in
Maybe
These will flag if
- someone gets into your account
- someone gets your password right but gave up after hitting a checkpoint (like 2FA) or a "you look suspicious" checkpoint
- someone passed 2FA/checkpoint and also logged in.
If you're unsure, in your settings/security, you can see all active and recent logins, from where and what browser. Remove unrecognised sessions and change your password.
As others have said, you have to look into your account and confirm it. Maybe the system rejected them because of the location, but they still used the password etc... check through your logins and from where, change your password no matter what, and use 2FA if you can, even if its your phone or email.
Oh, and if you need better password management, there are only couple of worthy programs, all open source. Encryptr is an alternative to LastPass because it is stored online, but it uses end-to-end encryption and all of its engine is open source and build on the open source Crypton framework given away by SpiderOak - that's who's servers your shit is being stored upon , but they can't read it since decrypted in browser.
Other than that, PasswordSafe is one option but it is a bare bones sort of place to store your passwords. The one I suggest is Keepass (and/or KeepassX) yes, they are two different programs that use the same type of database. The former, at keepass.info has an absolute fuckload of plugins and options. Want Keepass to generate HOTP/TOTP codes? There's a plugin for that. Want to use Keepass in place of Firefox's built in password manager seamlessly? There's an addon for that - and actually part of it is a Firefox addon - Keefox. Works well. There are also tons of mobile apps, especially for Android, that replicate Keepass function so you can use it on the go to tap into your same database file, if you made it available via VPN and/or hosted it in some storage somewhere online - I suggest Keepass2Android as one with the most features, and KeePassDroid as a fallback. There are also a few others.
Enjoy, and for fuck's sake get off Facebook! If you must social network, use one of the privacy respecting alternatives.
>>54375917
You're a fucking idiot. Only share passwords between the unimportant sites that you don't care about getting hacked, and don't store any of your info. Use strong unique passwords for EACH separate important site.
>>54378153
>and none of my currently used passwords let me log in.
Cuz the Hungarians changed them obviously.
>>54379058
I'm 50% hungarian.
