Free Republic

Wattpad data breach exposes account info for millions of users
BleepingComputer ^ | July 14, 2020 | Lawrence Abrams

Posted on 07/20/2020 6:21:17 AM PDT by ProtectOurFreedom

An allegedly stolen Wattpad database containing 270 million records was being sold in private sales for over $100,000. Now it is being offered for free on hacker forums.

Wattpad is a web site that allows members to publish user-generated stories on a variety of different topics. The site is immensely popular and is ranked as the 150th most visited site worldwide.

Since July 7th, BleepingComputer has been tracking the rumored private sale of a Wattpad database containing over 200 million records.

In an anonymous tip, BleepingComputer was told that this database was being sold by Shiny Hunters, a group known for selling company databases acquired in data breaches.

At the time, cyber intelligence firm Cyble told BleepingComputer that this database was being sold for ten bitcoins, or almost $100,000 at the time.

BleepingComputer contacted Shiny Hunters about this breach, and at first, they were concerned about how we knew about the sale, and then later denied having anything to do with it.

A few sample records of this database seen by BleepingComputer contain user names, names, hashed passwords, email addresses, and general geographic location.

(Excerpt) Read more at bleepingcomputer.com ...


TOPICS: Business/Economy; Crime/Corruption; Culture/Society; News/Current Events
KEYWORDS: cybercrime; databreach; password; wattpad

I got a notification of this huge data breach this morning from “have I been pwned”:

You've been pwned!

You signed up for notifications when your account was pwned in a data breach and unfortunately, it's happened. Here's what's known about the breach:

Email found: xxxx.xxxxx.com

Breach: Wattpad

Number of accounts: 268,765,495

Compromised data: Bios, Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Names, Passwords, Social media profiles, User website URLs, Usernames

Description: In June 2020, the user-generated stories website Wattpad suffered a huge data breach that exposed almost 270 million records. The data was initially sold then published on a public hacking forum where it was broadly shared. The incident exposed extensive personal information including names and usernames, email and IP addresses, genders, birth dates and passwords stored as bcrypt hashes.

I must have used WattPad once five years ago and I had the app on my phone. Fortunately, I had no information there and I use tough passwords. Nevertheless, I just changed my password on WattPad.

More importantly, I just changed my password on FR to a very long and tough one. It had been a long time since I last changed my FR password.

Of course, having a tough password does not help much when the hackers steal both user names, in-the-clear / unhashed passwords and content.

Two Factor Authentication is valuable because you have to know something and possess something (it would be great if Jim Rob implemented TFA here on FR). But it only prevents the bad guys from logging into your account; it doesn’t help when user credentials and the content are stolen.

Of course, if FR got hacked, lost its content and user email addresses it would be easy in many cases for the hackers to reveal the identity of the FReeper (assuming you signed up with your real email address). In this era of leftist terrorism and “cancel culture,” this could be really worrying.

I’m thinking of creating a new, non-identifiable email address and switching my FR account to that.

1 posted on 07/20/2020 6:21:17 AM PDT by ProtectOurFreedom

To: ProtectOurFreedom

“I’m thinking of creating a new, non-identifiable email address and switching my FR account to that.”

There is no such thing as a “non-identifiable email address”. If the email address is in any way associated with you, it is linked to you and thus identifiable.

On the other hand if you used a computer or device not at all associated with you, such as a public library or that of a remote acquaintance, and the content of all emails can in no way be associated with you, then you may have some degree of anonymity. But if hackers have you specifically targeted, you will be discovered sooner or later.

There is nothing, except nothing, secure or private on the internet. Anything and everything digital is hackable. Just ask federal agencies that have been hacked. Ask major corporations, ask the credit bureaus. And you yourself just gave an example.


2 posted on 07/20/2020 6:34:59 AM PDT by redfreedom

To: ProtectOurFreedom

I use Wattpad too. Great novels. I am not too worried about my password there. I just use Wattpad to read stories.
As for here at FR, it would be silly for anyone to steal someone’s password.
There are lots of news sites like the New York Post that I subscribe to but I don’t really have any confidential info at those sites outside of email etc.


3 posted on 07/20/2020 7:08:29 AM PDT by SmokingJoe

To: redfreedom

Using a non-identifiable email address provides two layers of security:
1. The data breach of, say, FR would reveal a username (email address) and maybe an in-the-clear password. To tie this anonymous email address back to a real-life user would require...
2. The hacker getting into the ISP or other mail provider to associate the non-identifiable email address to the real person.

So the hacker has to breach two independent systems to tie the account back to a real human.

Of course, if the non-identifiable email account required that you provide real-life data about yourself when you created that address (e.g., payment information), then you have additional risk. But it would still require breaching the target database AND the independent email account database.

So the key is to create an email address that is not associated with you, the real person. In 2020, free, non-identifiable email accounts are available from ProtonMail, Tutanota, Secure Email and Guerrilla Mail. These are trustworthy anonymous email providers that do not collect your data.


4 posted on 07/20/2020 7:13:37 AM PDT by ProtectOurFreedom

To: SmokingJoe

“As for here at FR, it would be silly for anyone to steal someone’s password.”

Yes, it would be silly to steal one account and log into it, but that is not what I'm talking about. The reality in 2020 is that leftists are out to destroy everybody who doesn't think like them and FR is a target-rich environment of conservatism for that. People post freely here because it is anonymous.

It isn't about stealing a password and getting into one account to steal money or order things on Amazon. It's about stealing the entire database of FR users and all the content, then tying that content back to real people to smear them, dox them, get them fired, and destroy them. It's all about personal destruction. Just look at how often an innocuous remark from 20 or 30 years ago is used to destroy somebody today (unless you are a Democrat wearing blackface).

Call me paranoid, but that is the world we live in.

5 posted on 07/20/2020 7:22:12 AM PDT by ProtectOurFreedom

To: ProtectOurFreedom

You are right.


6 posted on 07/20/2020 7:29:07 AM PDT by SmokingJoe

To: ProtectOurFreedom

bkmk thank you


7 posted on 07/20/2020 7:42:59 AM PDT by japaneseghost
