1. Due to issues with external spam filters, QQ is currently unable to send any mail to Microsoft E-mail addresses. This includes any account at live.com, hotmail.com or msn.com. Signing up to the forum with one of these addresses will result in your verification E-mail never arriving. For best results, please use a different E-mail provider for your QQ address.
    Dismiss Notice
  2. For prospective new members, a word of warning: don't use common names like Dennis, Simon, or Kenny if you decide to create an account. Spammers have used them all before you and gotten those names flagged in the anti-spam databases. Your account registration will be rejected because of it.
    Dismiss Notice
  3. Since it has happened MULTIPLE times now, I want to be very clear about this. You do not get to abandon an account and create a new one. You do not get to pass an account to someone else and create a new one. If you do so anyway, you will be banned for creating sockpuppets.
    Dismiss Notice
  4. If you wish to change your username, please ask via conversation to tehelgee instead of asking via my profile. I'd like to not clutter it up with such requests.
    Dismiss Notice
  5. Due to the actions of particularly persistent spammers and trolls, we will be banning disposable email addresses from today onward.
    Dismiss Notice
  6. A note about the current Ukraine situation: Discussion of it is still prohibited as per Rule 8
    Dismiss Notice
  7. The rules regarding NSFW links have been updated. See here for details.
    Dismiss Notice
  8. The testbed for the QQ XF2 transition is now publicly available. Please see more information here.
    Dismiss Notice

Data breach..?

Discussion in 'Suggestions & Bugs' started by The Grim Squeaker, Dec 26, 2020.

  1. The Grim Squeaker

    The Grim Squeaker Squeak, bitch.

    Joined:
    Mar 4, 2015
    Messages:
    321
    Likes Received:
    322
    Hey all, I've just received a notification from Chrome that my QQ email and password have been found in a data breach:

    [​IMG]

    Any thoughts on this? I'm assuming the only way this could have been leaked is through QQ, I'm fairly certain I don't have some kind of virus leaking my passwords and user data all over the gaff.

    Cheers.
     
    Ddmkm122 and LurkingInTheDeceit like this.
  2. magic9mushroom

    magic9mushroom BEST END.

    Joined:
    Feb 11, 2016
    Messages:
    3,789
    Likes Received:
    16,307
  3. UrsaTempest

    UrsaTempest Yuri Fanatic, Archivist

    Joined:
    May 16, 2013
    Messages:
    5,677
    Likes Received:
    14,540
    It just means either you use the same email or the same password or both as the one found on data breaches, not QQ being breached.

    (well, probably not being breached)
     
  4. The Grim Squeaker

    The Grim Squeaker Squeak, bitch.

    Joined:
    Mar 4, 2015
    Messages:
    321
    Likes Received:
    322
    There's definitely logic there, though I'd note it's an email and password combo I use for quite a few things, and only QQ and one or two others were listed as breached passwords. Given its a 300+ long list of saved passwords, I'd imagine it'd be more than a handful if that's the reason, no?
     
    Ddmkm122 and LurkingInTheDeceit like this.
  5. UrsaTempest

    UrsaTempest Yuri Fanatic, Archivist

    Joined:
    May 16, 2013
    Messages:
    5,677
    Likes Received:
    14,540
    Your browser might just don't check that unless you deliberately do security audit.

    Anyway, I checked if haveibeenpwned added new breach dataset, and if it contains QQ, and it doesn't seems they do. I checked my email registered for QQ, and it's not reported as being breached as well.

    So as far as I can reasonably determine, QQ is not breached and it's breached dataset being spread before being acquired by breach alert service.
     
  6. ultima333

    ultima333 Happy Sunflower Time Administrator

    Joined:
    Apr 3, 2014
    Messages:
    3,420
    Likes Received:
    17,390
    Chrome is checking the password, not the email or website.


    It means that your password has been found on a separate data breach, and is now in password dictionaries - huge lists that hackers pass around of things people have used as passwords.

    [​IMG]


    Chrome's making a hash (like a fingerprint) of the password, and comparing it to their list of hashes known to be in password dictionaries. If it comes up with a match, then it says "Hey, your password is known to bad guys, we don't know how/where, but the password isn't a Unique, Strong Password as is recommended. You should make a new unique and strong password for each website, as per proper security practice."


    If you were to go to any other website that uses this password (not necessarily the username/email, just the password) you should get the same message from Chrome.


    Chrome isn't saying that QQ itself has been compromised.
     
  7. The Grim Squeaker

    The Grim Squeaker Squeak, bitch.

    Joined:
    Mar 4, 2015
    Messages:
    321
    Likes Received:
    322
    Thank you for the reply, good to know!

    I should, but perhaps bizarrely I don't. Same password I use on SB and SV, for example. Strange! I'll assume it's a google issue, haha.

    Cheers for putting my worries to rest though! Feel free to delete/lock the thread if needed.
     
    Ddmkm122 and LurkingInTheDeceit like this.
  8. ultima333

    ultima333 Happy Sunflower Time Administrator

    Joined:
    Apr 3, 2014
    Messages:
    3,420
    Likes Received:
    17,390
    You can also go into Chrome's password manager and do "Check Passwords" and it will go through your Remembered/Saved Passwords and check if any have hits, too, if you don't want to log out / back in to the sets.

    On Android, open Settings, go to Passwords, and hit Check Passwords.

    The thread can be kept open in case anyone else has any questions.
     
    Ddmkm122 and LurkingInTheDeceit like this.
  9. alethiophile

    alethiophile Shadowed Philosopher Administrator

    Joined:
    Apr 26, 2013
    Messages:
    7,569
    Likes Received:
    52,859
    As previously noted, it seems likely this breach is due to password reuse and originates from another site. I haven't seen any sign of QQ data being available through breach trackers.

    If anyone has any information otherwise, I would greatly appreciate being made aware of it soonest.
     
    Ddmkm122 and LurkingInTheDeceit like this.