benhall.1 wrote:
david_h wrote:
The only list containing my C&F password will be the one maintained by this board. If that had been hacked I think you would have had more comments. I suspect a hacked WiFi router at a pub or cafe somewhere, or their third-party WiFi provider - the logo for which got attached to a link to this board in Safari. With http, passwords are not encrypted.
I'm no IT expert, but the point is that it isn't websites that your password would have been gleaned from. When you enter a password on a computer (including a smartphone), at that moment, it can be harvested. That has nothing to do with the website concerned. It's the ISP that's been hacked. If you follow that link I gave you and you type your email address in, you'll see the likely breach that caused your password to be on a separate, hacked list. I suppose it could be a WiFi router, but, from the breaches that I've seen, it's much more likely to be an ISP. There have been many, and very well publicised.
By contrast, I've never actually heard of an ISP being hacked and that being the source of passwords being lost. The main method I am familiar with is dumping passwords from a website's own database. This isn't hard to do for some websites.
Part of the problem is that this can go unnoticed for a while and then the passwords show up in some other public dump. A large portion of https://haveibeenpwned.com's passwords are from such harvests and just added to a list. Passwords and personal information don't sell for a lot individually, so you usually see it in massive heaps. This is also how you end up with outdated passwords in lists that show up in some of the phishing emails where someone claims to know your password. (You can read about each of the largest breaches on the website. You'll see in the description that LinkedIn, or MySpace, had had passwords and data exposed that may have gone unknown for a while. Again, the point is that it was the website itself that had the problem.)
(I'm a little bit of a cybersecurity enthusiast. I hope to become a security auditor at some point, so I read up on how to hack websites and try to practice hacking on my own when I get the chance.)