Recommended Posts

Today Edge alerted me to this:

 

image.thumb.png.0e7fab22d9cc9d78d8739625e443adcf.png

 

Luckily password is a generated useless one, but it's still a bit concerning.

 

Is this true?

  • Confused 1
Link to post
Share on other sites
Posted (edited)

If you use the same username / password pair on another site, the leak does not necessarily come from xpenology. This kind of leak checker is based only on the username / password pair.

Edited by EVOTk
Link to post
Share on other sites

I just set up a nextcloud and saw this:

 

Es wird ein Hash des Passwortes erstellt und dessen ersten 5 Zeichen an haveibeenpwned.com gesendet. Danach wird eine Liste aller Hashes empfangen, welche mit diesen 5 Zeichen beginnen. Nextcloud prüft nun ob der Hash des eingegebenen Passwortes in der Liste der Hashes enthalten ist.

 

(basically saying, only five first parts of hash are sent to HIBP, so maybe MS does the same, and its a fals positive..)

 

@C-Fu Have you tried directly with HIBP?

Link to post
Share on other sites
Posted (edited)
On 5/23/2021 at 5:18 AM, KoenigLudwig said:

I just set up a nextcloud and saw this:

 

Es wird ein Hash des Passwortes erstellt und dessen ersten 5 Zeichen an haveibeenpwned.com gesendet. Danach wird eine Liste aller Hashes empfangen, welche mit diesen 5 Zeichen beginnen. Nextcloud prüft nun ob der Hash des eingegebenen Passwortes in der Liste der Hashes enthalten ist.

 

(basically saying, only five first parts of hash are sent to HIBP, so maybe MS does the same, and its a fals positive..)

 

@C-Fu Have you tried directly with HIBP?

yeah, but since it's a very old email with tons of (useless) logins to old unused sites like dropbox and linkedin, in all intents and purposes it's useless in regards to xpenology.com IMO - which also uses a generated password.

 

Anyway after rereading, Edge told me of a leaked (generated) password, not site. So I suppose I put it wrongly, perhaps not xpenology.com that got hacked, just my account's particular password...... ? Oh well. All is good 😁 sorry for the heart attack anybody!

Edited by C-Fu
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.