• Gravatar data leak

    #2404959

    You may have seen in the news that the site that provides the icons/images for this site and other WordPress-based sites has been involved in a breach.
    [See the full post at: Gravatar data leak]

    Susan Bradley Patch Lady

    2 users thanked author for this post.
    • #2404981

      There’s something more going on with this data. I got a notice from Troy Hunt’s Have I Been Pwned that an address of mine that I only use for personal communication (never for any kind of business) was in the data set. I had never even heard of this company until now and confirmed that I’ve never signed up for anything with them or even received an email from them. The address is in the form of firstname@firstnamelastname.com so they might have created a spam list of some kind that they never used, but it definitely didn’t come from me.

      • #2405039

        I also received an email from Have I Been Pwned and I have never heard of Gravatar either.

    • #2405015

      The last bit of advice about changing all the passwords periodically is a bit tough in practice. I have 336 passwords in my KeePass database. Early in the lockdown I went through all of them to ensure they are all unique and complex, but it took me forever. I don’t think I could do that often, even if I could find the time to do so.

      Chris
      Win 10 Pro x64 Group A

      • #2405145

        I also use KeePass and have hundreds of entries. To be able to check all my passwords at once (saving me a ton of time!), I added a plugin called HIBPOfflineCheck that checks your passwords against the Have I Been Pwned breach data. It can either do an online check or an offline check. To do an offline check you’ll need to download a large file from HIBP’s site. It’s faster – and I think more secure – than the online check so that’s what I use. I check monthly to see if a new breach file is available for download. After downloading, clear the previous check in KeePass using the entry under the “Tools” dropdown menu and run another check against the new data file. Takes no time at all.

        https://keepass.info/plugins.html#breachchk

        https://github.com/mihaifm/HIBPOfflineCheck

        https://haveibeenpwned.com/Passwords (scroll to the bottom of the page and download the “SHA-1 by hash” version)

        Win10 Pro x64 21H2, Win10 Home 21H2, Linux Mint + a cat with 'tortitude'.

        3 users thanked author for this post.
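
The offline check described in reply #2405145, sketched as an added example (not part of the thread and not the HIBPOfflineCheck plugin's code): each password is hashed locally and looked up by binary search in the downloaded file, so nothing leaves the machine. It assumes the "SHA-1 by hash" file is made of `HASH:COUNT` lines sorted by uppercase hex hash; the function names, the sample passwords and the counts are constructed for illustration.

```python
import hashlib
import io

def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 password (assumed file convention)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def lookup_count(f, digest: str) -> int:
    """Binary-search a binary-mode file of sorted 'HASH:COUNT' lines.
    Returns the breach count for digest, or 0 if it is not listed."""
    target = digest.encode("ascii")
    lo, hi = 0, f.seek(0, io.SEEK_END)   # a match, if any, starts in [lo, hi)
    while lo < hi:
        mid = (lo + hi) // 2
        if mid > 0:
            f.seek(mid - 1)
            f.readline()                 # advance to the first line start >= mid
        else:
            f.seek(0)
        pos = f.tell()
        line = f.readline()
        if pos >= hi or not line:        # no line starts inside [mid, hi)
            hi = mid
            continue
        found, _, count = line.strip().partition(b":")
        if found == target:
            return int(count or b"0")
        if found < target:
            lo = pos + len(line)         # a match can only start after this line
        else:
            hi = mid                     # a match can only start before mid
    return 0

def audit(entries: dict, f) -> dict:
    """Map entry title -> breach count for every password found in the file."""
    hits = {}
    for title, password in entries.items():
        n = lookup_count(f, sha1_hex(password))
        if n:
            hits[title] = n
    return hits

def build_sample() -> io.BytesIO:
    """Constructed stand-in for the downloaded file (counts are made up)."""
    breached = {"password": 9001, "123456": 42, "letmein": 7, "qwerty": 1234567}
    lines = sorted(f"{sha1_hex(p)}:{n}" for p, n in breached.items())
    return io.BytesIO("\r\n".join(lines).encode("ascii") + b"\r\n")

if __name__ == "__main__":
    vault = {"forum": "letmein", "bank": "c0rrect-h0rse-battery-staple!"}  # constructed
    print(audit(vault, build_sample()))
```

For the real download, pass `open(path, "rb")` instead of `build_sample()`; the search reads only a few dozen lines per password, which is why the offline check stays fast on a very large file.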
    • #2405035

      Should we change our Ask Woody website password?

      • #2405042

        Not specifically because of this, they didn’t scrape passwords, but if the askwoody password isn’t unique, I’d change it.

        Susan Bradley Patch Lady

    • #2405058

      Woody published a blog warning about disclosing personal info into Gravatar in October 2020:
      https://www.askwoody.com/2020/if-you-have-an-avatar-a-picture-here-on-askwoody-make-sure-gravatar-doesnt-have-any-personal-data/
      ‘Da Boss’ with finger on the pulse as usual..

      "-rw-rw-rw-" extreme computing
      2 users thanked author for this post.