
shop.prusa3d.com Data Breach?  

scottypres
(@scottypres)
Active Member
shop.prusa3d.com Data Breach?

I got this notification in Chrome that shop.prusa3d.com had a data breach and I should change my password.

Please advise.

Posted : 18/03/2019 10:58 pm
bobstro
(@bobstro)
Illustrious Member
Re: shop.prusa3d.com Data Breach?

Not exactly. If you read up on the Data Breach plugin you installed, the description says:

Wherever you sign-in, if you enter a username and password that is no longer safe due to appearing in a data breach known to Google, you’ll receive an alert. Please reset your password. If you use the same username and password for any other accounts, please reset your password there as well.

This means you are using an account and password combination that you used elsewhere on a site that was compromised. If you are using the same login name and password on multiple sites, you should stop doing so and change all the passwords you use on affected sites.

My notes and disclaimers on 3D printing

and miscellaneous other tech projects
He is intelligent, but not experienced. His pattern indicates two dimensional thinking. -- Spock in Star Trek: The Wrath of Khan

Posted : 18/03/2019 11:36 pm
Spacemarine
(@spacemarine)
Estimable Member
Re: shop.prusa3d.com Data Breach?


I got this notification in chrome that shop.prusa3d.com had a data breach and I should change my password.

You never reported back here, but I'm interested: Did you use the same email and password on other websites?

Posted : 25/03/2019 11:07 am
imod.systems
(@imod-systems)
Honorable Member
Re: shop.prusa3d.com Data Breach?

You never reported back here, but I'm interested: Did you use the same email and password on other websites?

OP is too busy e-mailing every website that he saved his password on telling them that there's a data breach 😆

Posted : 25/03/2019 1:47 pm
D
(@d-2)
New Member
Re: shop.prusa3d.com Data Breach?

To confirm, I'd check your E-mail account with haveibeenpwned.com. That site will tell you where any breaches have come from.

Posted : 25/03/2019 4:48 pm
holmes4
(@holmes4)
Estimable Member
Re: shop.prusa3d.com Data Breach?

Just about everyone's email address will have been breached. That's not what Password Checker is looking for. It is comparing a hash of the password against a list of known breached passwords. What you can check at https://haveibeenpwned.com/Passwords is if your password has been revealed in a breach.

The best advice is to use a password manager (LastPass, 1Password, etc.) and use an automatically generated, strong and unique password for every login. That way "password stuffing" won't hurt you much should one site be breached (and have passwords revealed).

Posted : 25/03/2019 10:43 pm
vintagepc
(@vintagepc)
Member
Re: shop.prusa3d.com Data Breach?


Just about everyone's email address will have been breached. That's not what Password Checker is looking for. It is comparing a hash of the password against a list of known breached passwords. What you can check at https://haveibeenpwned.com/Passwords is if your password has been revealed in a breach.

The best advice is to use a password manager (LastPass, 1Password, etc.) and use an automatically generated, strong and unique password for every login. That way "password stuffing" won't hurt you much should one site be breached (and have passwords revealed).

... until the password manager is the site breached... 😆

Posted : 25/03/2019 10:46 pm
holmes4
(@holmes4)
Estimable Member
Re: shop.prusa3d.com Data Breach?


... until the password manager is the site breached... 😆

It doesn't work that way with a decent password manager. Even if that does happen, all the attacker gets is an encrypted blob - each user has their own decryption key that the manager doesn't have. The risk is much higher if you try to manage passwords on your own, which encourages simple, predictable and reused passwords.

Posted : 25/03/2019 10:49 pm
vintagepc
(@vintagepc)
Member
Re: shop.prusa3d.com Data Breach?



... until the password manager is the site breached... 😆

It doesn't work that way with a decent password manager. Even if that does happen, all the attacker gets is an encrypted blob - each user has their own decryption key that the manager doesn't have. The risk is much higher if you try to manage passwords on your own, which encourages simple, predictable and reused passwords.

If only it was that simple...

https://www.theregister.co.uk/2017/02/28/flaws_in_password_management_apps/

Have a look down the list at some of the offenses.

Note I'm not disagreeing with you... just pointing out there are still vulnerabilities to be cognizant of. FWIW I have a hardware password manager that is completely offline in its storage, reducing the "cloud" attack vector.

Posted : 25/03/2019 11:09 pm
scottypres
(@scottypres)
Active Member
Topic starter answered:
Re: shop.prusa3d.com Data Breach?

Sorry y'all. I've been quite busy. To answer a question, yes, I do have a password manager and I did use a password that has been used on other sites. However, this is easily changed, and the majority of passwords for my LastPass have been generated for each site. Thanks for the information. The data breach notice made me think that Prusa's website itself had been breached. I have since seen this notice on a few other sites as well.

LastPass uses 256-bit Blowfish encryption and one-way hashes. Unencrypted data is not stored on company servers. LastPass actually has been breached, but the hashes are useless in encrypted form. So I'm not too worried, yet, about it being breached.

Posted : 01/04/2019 5:25 pm
Nikolai
(@nikolai)
Noble Member
Re: shop.prusa3d.com Data Breach?


... but the hashes are useless in encrypted form...

No, they are not. But I don't want to give you sleepless nights 😉

Often linked posts:
Going small with MMU2
Real Multi Material
My prints on Instagram

Posted : 01/04/2019 7:28 pm