Commit bf11a79b authored by Jeffrey Randow

Malware PSA

parent 550e1830
Pipeline #8106833 passed with stages
in 24 seconds
+++
date = "2017-05-08"
title = "PSA - Exploit.in and Anti-Public Exploit Warning"
categories = ["netsec"]
comments = "true"
tags = ["netsec","malware"]
+++
This is a quick PSA (Public Service Announcement) to go check to see if your email address is included on the recently released-to-the-public Anti Public Combo List or the Exploit.in list. I was listed in the Exploit.in list. Note that if you are on the list, you generally did not do anything to cause yourself to be on this list - a website that you used was compromised and the account database was added to list.
The potential harm, though, is that one or more of your passwords is now publically accessible. If you still use this password, you are subject to fraud, account takeover, or malware distribution.
The moral of the story is to use a good password story and strong passwords for each website. I use LastPass as it is now free and is available on all of my devices. Another option (for the sites that accept it) is to use Two-Factor Authentication. Apple, Microsoft, Google, Facebook, and Twitter all support it.
To check your self, visit the [Have I Been Pwned!](https://haveibeenpwned.com/) website. It will tell you of all of the public breaches that you may be affected by. If you are a system administrator, you can do a domain-wide search to see what business email addresses may have been compromised.
See [Troy Hunt's blog](https://www.troyhunt.com/password-reuse-credential-stuffing-and-another-1-billion-records-in-have-i-been-pwned/) for more information about the Anti Public Combo and Exploit.in lists which affect almost 460 and 590 million users respectively.
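Review bot: The third body paragraph says "use a good password story", which reads like a slip for "password manager" given the LastPass sentence that follows; as written, the PSA's main recommendation is unclear. The same paragraph frames Two-Factor Authentication as "another option", while the paragraph before it describes account takeover from a password that is still in use, so it would read better as something to enable in addition to unique passwords rather than instead of them. Smaller points: "publically" should be "publicly", "check your self" should be "check yourself", and "added to list" is missing "the". In the front matter, the post is tagged "malware" and titled "Exploit Warning" although the body describes leaked credential lists, and `comments = "true"` is a quoted string, so it is worth confirming the theme expects a string there and not a TOML boolean.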