Too many sites that stored passwords in plain text - there is no doubt about that.
Yet, I haven't yet heard about any significant password leaks from established banks in this country. They have been security aware since the days when coins were real silver. They were the very first to make two-factor authentication standard: Before the electronic PIN chips became available, they used code charts sent to you as registered mail. That must have been in the early 1990. The PIN chips came in the mid 1990s, long before anyone else was using it. And they used HTTPS many years before we began demanding everybody over to HTTPS.
I am more surprised that someone has eavesdropped on the line many years ago, and then comes today threatening to reveal intimate photos of you unless you transfer a number of BitCoins to him before a given date. This eavesdropper must be assuming that most people never change their password, so that what was leaked five or ten years ago is still the valid one. And he assumes that none of these bank customers understand that the password alone can do no harm. Maybe the customers really are that naive! After having ridiculed "Nigeria scam" for ten years or more, there were still lots of people believing in it.
I have a hard time believing this is from eavesdropping. The largest amount will be from leaked databases - something which is quite often in the news, even with bigger companies.
Member 7989122 wrote:
I am more surprised that someone has eavesdropped on the line many years ago, and then comes today threatening to reveal intimate photos of you unless you transfer a number of BitCoins to him before a given date.
I'm not, since that too is, according to the link, not due to someone gathering passwords by eavesdropping. Someone leaked a LOT of databases with passwords in one go, making them available for anyone with malicious intent.
People would have lost faith in the bank if they were to leak their databases, giving them an incentive to work on security. Twatter et al. did not have that problem, and lacked the incentive. This is merely the result of that.
Bastard Programmer from Hell
If you can't read my code, try converting it here
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
I am just intrigued at which site must have been hacked, but guess I will never know.
You should ask which ones have NOT been pwned instead, the list is probably shorter.
If something has a solution... Why do we have to worry about? If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
When I sign up to a site that requires a password, I generally use a unique email address. (I own my domain name so can have unlimited email addresses; there's a catch-all that routes non-existent addresses to my "real" mailbox, but retains the original "to" address.) This way if I get spam addressed to "codeproject@[mydomain]" I can be pretty certain that it was CP that leaked my details / sold my address (for instance).
The only pain is if, when contacting them for any reason, they insist on having a sending address that matches what you signed up with. But they're few and far between.