Only Monzo would have a hack list
Blame @danny. He loves a good hack!
Small one? Email from Fandabby.net:
Fandabby have suffered a Data Breach
At 11:47 PM (GMT) on the 12th December 2018, we became aware of unauthorized access to our website. We took immediate steps to block access to the unlawful person(s), and have since launched a full investigation into the breach.
NO CREDIT CARD DETAILS OR PASSWORD WERE ACCESSED
Our website got hacked by an unlawful person(s) who gained access to personal information of Fandabby customers and orders. We deeply apologise for the frustration and anxiety this may cause you, and we thank you for your patience and support as we work through this together.
What Information Was Breached?
Lists of IP addresses which accessed Fandabby from 1-12th December 2018, Email Addresses, Names, Addresses, and Phone Numbers. NO CREDIT CARD DETAILS OR PASSWORDS WERE ACCESSED.
As some personal information was accessed you may experience spammy emails, texts, calls or postal scams. DO NOT reply or interact with these! Immediately report anything suspicious to email@example.com - (if this email is unavailable please send an email to firstname.lastname@example.org).
What are we doing?
We are taking this breach very seriously. All accounts which signed up to Fandabby after 2013 have had their password automatically reset. This measure has been put in place to prevent suspicious activity on our site.
We have increased our website protection and are regularly checking for irregular activity. This may lead to visitors to seeing this message: “Checking your browser before accessing fandabby.net”. Do not be alarmed, this is our 3rd party security software checking you are a legitimate visitor. We know this can be frustrating but it allows Fandabby to filter out the goodies from the baddies!
Any orders are being checked manually for fraud, resulting from this breach, and any illegitimate cases found will be reported to the relevant authorities.
We understand you might be anxious to talk about it. Please feel free to contact us via email - email@example.com. Our team will do its utmost best to answer any questions you may have.
Copyright © 2018 Fandabby, All rights reserved.
You are receiving this email because you opted in to receiving monthly Self Care tips and Fandabby news on www.fandabby.net
Our mailing address is:
Aberdeen, AB10 6SX
Never heard of them but they’ve got a great name
T-shirt’s and donations for mental health awareness.
How?! They can put a rover on Mars but can’t secure their servers…
Ouch, this has gotta hurt.
I clicked on this topic thinking this might be a fun list of life hacks, but I got brought back down to Earth very quickly!
So the MyFinessPal data breach has finally surfaced online…
MyFitnessPal: In February 2018, the diet and exercise service MyFitnessPal suffered a data breach. The incident exposed 144 million unique email addresses alongside usernames, IP addresses and passwords stored as SHA-1 and bcrypt hashes (the former for earlier accounts, the latter for newer accounts). In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to “BenjaminBlue@exploit.im”.
Compromised data: Email addresses, IP addresses, Passwords, Usernames
You should add this here
Just yesterday I got this about my account - a year after the event.
Not very timely.
Thanks, done. Remembered that thread but couldn’t seem to find it. Surprised its not already on there as it was confirmed last year!
In fairness though, the data breach was on sale on the dark web for a long while and is not exactly easy to get hold of. HIBP won’t have been able to get the data any sooner if its not freely available.
Thanks. I am not really up on the “dark” side of things, but the registration blurb with pwned did suggest that their awareness of (and notification of) data misuse might give me time to take some action. Luckily my e-mail clients block a lot of the rubbish so generally no action be me is needed. R-
They mean they try to tell you as soon as data is made public, but obviously hackers can be using it long before it surfaces for sale.
If you’re still using the same passwords anywhere as you were for MFP at the time of the breach, make sure you change them. Avoid reusing passwords, and change the ones for your sensitive accounts occasionally.