HACKED ACCOUNTS!!!!!

toddnjoyce

TGT Addict
Rating - 100%
3   0   0
Sep 27, 2017
12,408
113
Boerne
I agree. But on TGT I had a very secure password not used anywhere else yet it was somehow compromised. That is according to McAfee.

The compromise probably has zero to do with the strength of your password. Servers have to store you password (or a salted and hashed version of yours) for comparison and validation. Those catalogs of passwords are what hackers seek or purchase on the market in order to gain access to your account.
 

bbbass

Baffler of the Brilliant
Rating - 0%
0   0   0
Sep 2, 2020
1,467
113
NE Orygun
The compromise probably has zero to do with the strength of your password. Servers have to store you password (or a salted and hashed version of yours) for comparison and validation. Those catalogs of passwords are what hackers seek or purchase on the market in order to gain access to your account.

Good post!

Thank you for that information!!!

It really points up the need to have Two Factor Authentication for important accounts.
 

toddnjoyce

TGT Addict
Rating - 100%
3   0   0
Sep 27, 2017
12,408
113
Boerne

rotor

TGT Addict
Rating - 0%
0   0   0
Nov 1, 2015
2,893
113
Wichita Falls
The compromise probably has zero to do with the strength of your password. Servers have to store you password (or a salted and hashed version of yours) for comparison and validation. Those catalogs of passwords are what hackers seek or purchase on the market in order to gain access to your account.
The question then is how did TGT get hacked? My having 2 factor authentication doesn't keep TGT from getting hacked? Once TGT is hacked a hacker I assume can delete an account and immediately replace it with the same name. I assume this is what happened.
 

toddnjoyce

TGT Addict
Rating - 100%
3   0   0
Sep 27, 2017
12,408
113
Boerne
The question then is how did TGT get hacked?
I don’t the exact details, but the theories I’ve been privy too are common attacks.

… My having 2 factor authentication doesn't keep TGT from getting hacked?
No. Depending on how you choose your 2FA or MFA settings, each time an attempt to sign into TGT, you will be prompted to provide a separate method of authentication that only you *should* have. It drastically improves the protection of your account from being taken over, but doesn’t prevent every single way your account could be compromised, but it’s 99.999% effective.

…Once TGT is hacked a hacker I assume can delete an account and immediately replace it with the same name.
I don’t think so, username reuse wouldn’t work for a lot of reasons.

..I assume this is what happened.
It is not what happened.
 

benenglish

Just Another Boomer
Staff member
Lifetime Member
Admin
Rating - 100%
4   0   0
Nov 22, 2011
17,638
113
Spring
I don’t think so, username reuse wouldn’t work for a lot of reasons.
That didn't happen to TGT but part of the reason the whole situation put me in a panic was because it was possible in a practical sense. It wouldn't involve reusing a username, exactly, but simply replacing that user which has the same effect.

If no staff had been online as the hack happened I have no idea how far the guy would have gotten. Thank God for the changelogs that made it possible to fix things before they got too broken.
 

SQLGeek

TGT Addict
TGT Supporter
Rating - 100%
3   0   0
Sep 22, 2017
8,774
113
Richmond
The compromise probably has zero to do with the strength of your password. Servers have to store you password (or a salted and hashed version of yours) for comparison and validation. Those catalogs of passwords are what hackers seek or purchase on the market in order to gain access to your account.

Well said. Strong passwords help prevent them being easily guessed but breaches can still happen. This is why the industry recommends not reusing passwords.
 

Catherine1

Member
Rating - 0%
0   0   0
May 10, 2021
110
43
Montana
Hi Cate,

I just found this post today.

I don't recommend putting any personal contact info on any forum. (And it may not even be allowable).

The thread referred to for contact AFAIK is a list of those that know your private contact info.... so for instance, you could list me in/on that thread, and if you disappeared somebody could go there, find me as your contact, and ask me to get in touch with you.

If I'm not being clear and writing understandably, you can add to the PM we have going and I will try to do better.

bb


Okay and I already PUT your name on that one contact thread in case I am very SICK, dying or dead or just plain MISSING online.

You have my EMAIL that I share with my husband so IF something happens to me and since he does not do FORUMS and hasn't for many, many years... you or some person could ASK YOU to contact us.

He rarely does ANY EMAIL - I do the TINY BIT of email for real estate and for a couple of people. But he has the email info there IN CASE he does have to sign in and check it if I do die so he can notify some people via email or call them - the ones on another piece of paper (Telephone numbers.) in our important papers. My older brother, my older sister and a couple of friends back east.

By the way, I just signed in and answered you. Please check your messages.

Thanks friend!

Cate
 

Catherine1

Member
Rating - 0%
0   0   0
May 10, 2021
110
43
Montana
I agree. But on TGT I had a very secure password not used anywhere else yet it was somehow compromised. That is according to McAfee.

I had that happen on the OTHER FORUM that I mentioned in this thread. ABOVE POSTS.

That password OVER THERE was changed several times and I always signed into the forum from the FORUM'S OWN WEBSITE. NOT from any other LINK.

I do not use Fakebook or any of those things. I am NOT knocking people who choose to use them.

I had a super secure password and ran MANY NEWER SCANS again.

I ALWAYS CLEAN UP and scan after using forums and other sites even if I do NOT belong to them or even SIGN INTO THEM.

Yet, OVER there, not here, it said that my IP address was banned with NO explanation and in a day or so... I could READ the forum which I could not do when I got that IP ADDRESS BANNED, BLA BLA message and I could sign in which I did do ONLY ONCE SO FAR.

On top of that the software says over there that OTHER DEVICES canNOT be signed OUT of only mine - DEVICE/COMPUTER when you do a security check in the LOG OUT section and SESSIONS.

So it will show Apple, other things, other browsers that I do not use, other types and brands of computers that I do not use or own.

It is really strange.

Cate
 
Top Bottom