• The site has now migrated to Xenforo 2. If you see any issues with the forum operation, please post them in the feedback thread.
  • Due to issues with external spam filters, QQ is currently unable to send any mail to Microsoft E-mail addresses. This includes any account at live.com, hotmail.com or msn.com. Signing up to the forum with one of these addresses will result in your verification E-mail never arriving. For best results, please use a different E-mail provider for your QQ address.
  • For prospective new members, a word of warning: don't use common names like Dennis, Simon, or Kenny if you decide to create an account. Spammers have used them all before you and gotten those names flagged in the anti-spam databases. Your account registration will be rejected because of it.
  • Since it has happened MULTIPLE times now, I want to be very clear about this. You do not get to abandon an account and create a new one. You do not get to pass an account to someone else and create a new one. If you do so anyway, you will be banned for creating sockpuppets.
  • Due to the actions of particularly persistent spammers and trolls, we will be banning disposable email addresses from today onward.
  • The rules regarding NSFW links have been updated. See here for details.

Data breach..?

The Grim Squeaker

The Grim Squeaker

Squeak, bitch.
Joined
Mar 4, 2015
Messages
321
Likes received
323
Hey all, I've just received a notification from Chrome that my QQ email and password have been found in a data breach:

OSHKtjJ.jpg


Any thoughts on this? I'm assuming the only way this could have been leaked is through QQ, I'm fairly certain I don't have some kind of virus leaking my passwords and user data all over the gaff.

Cheers.
 
UrsaTempest said:
It just means either you use the same email or the same password or both as the one found on data breaches, not QQ being breached.

(well, probably not being breached)
Click to expand...
Click to shrink...
There's definitely logic there, though I'd note it's an email and password combo I use for quite a few things, and only QQ and one or two others were listed as breached passwords. Given its a 300+ long list of saved passwords, I'd imagine it'd be more than a handful if that's the reason, no?
 
Your browser might just don't check that unless you deliberately do security audit.

Anyway, I checked if haveibeenpwned added new breach dataset, and if it contains QQ, and it doesn't seems they do. I checked my email registered for QQ, and it's not reported as being breached as well.

So as far as I can reasonably determine, QQ is not breached and it's breached dataset being spread before being acquired by breach alert service.
 
The Grim Squeaker said:
Hey all, I've just received a notification from Chrome that my QQ email and password have been found in a data breach:

OSHKtjJ.jpg


Any thoughts on this? I'm assuming the only way this could have been leaked is through QQ, I'm fairly certain I don't have some kind of virus leaking my passwords and user data all over the gaff.

Cheers.
Click to expand...
Click to shrink...
Chrome is checking the password, not the email or website.


It means that your password has been found on a separate data breach, and is now in password dictionaries - huge lists that hackers pass around of things people have used as passwords.

unknown.png



Chrome's making a hash (like a fingerprint) of the password, and comparing it to their list of hashes known to be in password dictionaries. If it comes up with a match, then it says "Hey, your password is known to bad guys, we don't know how/where, but the password isn't a Unique, Strong Password as is recommended. You should make a new unique and strong password for each website, as per proper security practice."


If you were to go to any other website that uses this password (not necessarily the username/email, just the password) you should get the same message from Chrome.


Chrome isn't saying that QQ itself has been compromised.
 
Thank you for the reply, good to know!

ultima333 said:
If you were to go to any other website that uses this password (not necessarily the username/email, just the password) you should get the same message from Chrome.
Click to expand...
Click to shrink...

I should, but perhaps bizarrely I don't. Same password I use on SB and SV, for example. Strange! I'll assume it's a google issue, haha.

Cheers for putting my worries to rest though! Feel free to delete/lock the thread if needed.
 
The Grim Squeaker said:
Thank you for the reply, good to know!



I should, but perhaps bizarrely I don't. Same password I use on SB and SV, for example. Strange! I'll assume it's a google issue, haha.

Cheers for putting my worries to rest though! Feel free to delete/lock the thread if needed.
Click to expand...
Click to shrink...
You can also go into Chrome's password manager and do "Check Passwords" and it will go through your Remembered/Saved Passwords and check if any have hits, too, if you don't want to log out / back in to the sets.

On Android, open Settings, go to Passwords, and hit Check Passwords.

The thread can be kept open in case anyone else has any questions.
 
As previously noted, it seems likely this breach is due to password reuse and originates from another site. I haven't seen any sign of QQ data being available through breach trackers.

If anyone has any information otherwise, I would greatly appreciate being made aware of it soonest.
 
You must log in or register to reply here.

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
Back
Top