Social Engineering: Staying Safe

I did that thing that haunts the back of your mind. I searched myself... Various bits of information turned up on numerous black market sites where some forum or miscellaneous database has been compromised.

Many forum packages or other software, with known password hashing methods or none at all, are reverse engineered or sent through some readily available hardware resources to cycle passwords and match hashes.

Within these databases and utilizing the powers of the internet we now have compiled lists containing common information:
- email
- plain text password
- username
- other database fields associated with entry

Perform these same steps with a few dozen different databases and you can begin to compare data and build a profile. Match up usernames, emails or passwords and it becomes quite telling if it's the same person.
Tons of very personal information is available online and quite easy to access if you know where to look. This can be especially bad if some one-off shopping website that has not updated its software for a year has its SQL DB ripped off containing customer email, full name, address, password...

Here are some tips to keep your information separate and obfuscated:

- Password manager - helps with following tips.
- Different usernames - have a variety, the password manager can keep track of these. Maybe by genre of site.
- Unique random passwords -
- Email by genre of site - have multiple emails and use them in a certain category of site.

Ashes to ashes

You can't protect what's already been stolen. Consider what you've potentially lost by now and your browsing habits. Have you used the same email and password for multiple logins?
- Search DuckDuckGo or Google for different identifying information such as email, username, address...
- Check https://haveibeenpwned.com/ to see if you have turned up in known leaks
- A list of databases and dates: https://breachalarm.com/all-sources

If anyone has any input or ideas please share and I'll update this post.

2 Likes
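
A self-audit for the tips above, added here as an example and not part of the original post: it reads your own password-manager export and reports which usernames, emails and passwords are reused, then groups the sites that one shared value ties together. The CSV column names, the function names and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample standing in for a password-manager CSV export.
SAMPLE_EXPORT = """site,username,email,password
forum.example,nightowl,me@example.com,hunter2
shop.example,nightowl,me@example.com,hunter2
bank.example,j.doe.7731,bank-only@example.com,Vq9#rT2m!xLp
games.example,pixelfox,games@example.com,hunter2
news.example,reader_88,me@example.com,k3W!zzP0aa1
"""
FIELDS = ("username", "email", "password")


def find_reuse(export_text):
    """Return {field: {value: [sites]}} for every value used on more than one site."""
    seen = {f: defaultdict(list) for f in FIELDS}
    for row in csv.DictReader(io.StringIO(export_text)):
        for f in FIELDS:
            # Assumption: usernames and emails compare case-insensitively; passwords do not.
            key = row[f] if f == "password" else row[f].strip().lower()
            if key:
                seen[f][key].append(row["site"])
    return {f: {v: s for v, s in seen[f].items() if len(s) > 1} for f in FIELDS}


def linked_groups(export_text):
    """Group sites that share any username, email or password (union-find)."""
    parent = {}

    def find(x):
        while parent.setdefault(x, x) != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for row in csv.DictReader(io.StringIO(export_text)):
        find(row["site"])  # register every site, including unlinked ones
    for values in find_reuse(export_text).values():
        for sites in values.values():
            for other in sites[1:]:
                parent[find(other)] = find(sites[0])
    groups = defaultdict(set)
    for site in parent:
        groups[find(site)].add(site)
    return sorted(sorted(g) for g in groups.values())


if __name__ == "__main__":
    print(linked_groups(SAMPLE_EXPORT))
```

Any group with more than one site is a set of accounts that a single leak could tie together; the goal of the tips is for every site to end up in a group of its own.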

I recently found a UPlay database rip that was posted October of 2016 containing username, email, plain text password, owned games, and platform (xbox, ps4, pc).

I'll wait for consent from a mod before posting or sharing any links. Just use DDG or Google to search for your email, username or whatever.

2 Likes