top | item 21617784

Tell HN: Phishing Scheme for Cracked Passwords

5 points| erikschoster | 6 years ago

I just received an email whose subject was a password I used to use several years ago and had an attached PDF with the password as the filename. I assume they got the password from the adobe breach since I used it for my password there until it was disclosed that there was a security breach.

Since that breach was in 2013 and my relatively short (8 chars) but random password was just emailed to me in plaintext, I'm wondering if there has been a long-term effort to crack everything, and if this matters much. I'm sure most assumed this is what was happening. If it took six years to crack my password or it was cracked earlier and just became available to someone, I don't know.

I'm posting this here because I don't follow this sort of thing closely, I stopped using this password in 2013, and I'm just curious if the possibility of some possibly harder-to-crack passwords now becoming exposed (if that's actually what is happening here) has any significance.

It could be someone cracked my password years ago, but the plain text only became available to some would-be extortionist recently.

Thanks!

1 comment

[+] octosphere|6 years ago|reply

I never use a password, but I do use a passphrase like something similar to the one used in XKCD 936[0]. There's a few open source diceware[1] generators on Github that you should look at.

[0] https://www.xkcd.com/936/

[1] https://en.m.wikipedia.org/wiki/Diceware