This might be a gamechanger here. The number of “stolen” passwords don’t add up anywhere, heavily affecting the legitimacy of keeper.io’s collection.
Of course not, because the sites were far off from a regular search.
Ha, thanks.
Take a guess from above.
This is a really hard case. I was really here to attack everyone and everything back in the LET times, resulting in getting rid of several scammy hosts. Sometimes this was the only way to solve misteries. This time I made a mistake and I’ll make sure to correct it - I should’ve contacted you first.
I will clean up the mess I caused starting with this thread that got moved off from The Ball Pit and I’d like to have the LET post gone aswell (@doghouch please?). And of course my apology will stay here, I shouldn’t have trusted them in the first place. I’m really sorry about this, and I hope you won’t have bad feelings because of this.
Thanks for the detailed reply @Abdullah! Indeed, it seemed fishy that there was never any evidence, I’ve changed the thread title to reflect the truth.
I agree that @Theseus was far too quick to judge here, but he’s apologised and frankly his attacks were short posts under a single thread. Since he has apologised, no further action is necessary.
The conversation was originally started in The Ball Pit which means that it’s pretty unlikely that anyone would’ve stumbled upon it unless they were an active member. Furthermore, this conversation was always under the Off Topic category which prevents it from being indexed by search engines, but I’ve now moved this to General in your favour.
@Abdullah, sorry for the rocky entry but welcome to Host Balls! Despite this occurrence, this is usually a friendly and supportive community. Hopefully you’ll stick around!
@Theseus, this isn’t LET, please do your due diligence before flaming a provider in the future please.
alrighty then! Welcome to hostbreachballs @Abdullah - apologies for the drama, and thanks for sharing that fascinating backstory.
And I’m guessing @Theseus might have some ironic opportunity to appreciate the value of a (slightly) higher standard of proof when accusations are made in either direction - but, really does seem like an easy mistake for a person to make, so I’m glad to see it get resolved without more hard feelings.
Thinking a bit about the bigger picture now though … maybe this messy little near-miss will at least serve as a good reminder for anyone reading this (and that means endusers as well as providers) to take a hard look at their own security posture, and to seriously consider the real possibility and potential consequences of a breach.
On that note, I have heard of these cases where people try to pass off a database as belonging to a host that has nothing to do with the actual host. There was some underground talk of a database for a large host that I previously worked at that, upon examination, had nothing to do with that host at all.
We may well be in a new time where people pass off parts of the antipublic combo list as various other things.
It’s a big collection of passwords from various breaches. Almost certainly you are, or someone you know is, in that one. I’m in it, as is just about everyone I know.
There are a few combo lists out there that you can easily torrent. Gives you about 18 GB worth of email / password combinations. I have like 8 entries in there. The most shitty thing is that spammers use that list too, so you’re basically a confirmed victim once you appear on such list.
The real money, and I’m surprised no one has so obviously done this yet:
Find people who use social media to declare their usage of a service provider, draw correlation between that and antipublic listings, then create a database of users of that service and their passwords. Given that people reuse passwords so often, it’s actually quite likely that one could build a customer database of usernames and passwords for a service provider from publicly available information.
Irony of the day is that I would rather store my passwords in plaintext other than using any of these password managers who claim to have something they don’t.
I hate to admit but I ruined my previously flawless work by trusting a company like this. Gonna bash myself because of this for a while.
I never said anyone did, but people should do their due diligence before calling out a provider. The drama has been dealt with, this thread can now be closed.