Didn't use 2FA. I am on the list of haveibeenpwned.com, but I did use another password for Cloudbet.
So I don't understand how they did it.
So I don't understand how they did it.
On the site you will be able to see the breaches in which your email (and possibly other information) was leaked.
If you use the same password anywhere else, secure them now.
Example:
Code:
[email protected]
Oh no — pwned!
Pwned on 5 breached sites and found 2 pastes (subscribe to search sensitive breaches)
Notify me when I get pwned Donate
Breaches you were pwned in
A "breach" is an incident where a site's data has been illegally accessed by hackers and then released publicly. Review the types of data that were compromised (email addresses, passwords, credit cards etc.) and take appropriate action, such as changing passwords.
Adobe logo
Adobe: In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, encrypted password and a password hint in plain text. The password cryptography was poorly done and many were quickly resolved back to plain text. The unencrypted hints also disclosed much about the passwords adding further to the risk that hundreds of millions of Adobe customers already faced.
Compromised data: Email addresses, Password hints, Passwords, Usernames
Gamerzplanet logo
Gamerzplanet: In approximately October 2015, the online gaming forum known as Gamerzplanet was hacked and more than 1.2M accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Lifeboat logo
Lifeboat: In January 2016, the Minecraft community known as Lifeboat was hacked and more than 7 million accounts leaked. Lifeboat knew of the incident for three months before the breach was made public but elected not to advise customers. The leaked data included usernames, email addresses and passwords stored as straight MD5 hashes.
Compromised data: Email addresses, Passwords, Usernames
MySpace logo
MySpace: In approximately 2008, MySpace suffered a data breach that exposed almost 360 million accounts. In May 2016 the data was offered up for sale on the "Real Deal" dark market website and included email addresses, usernames and SHA1 hashes of the first 10 characters of the password converted to lowercase and stored without a salt. The exact breach date is unknown, but analysis of the data suggests it was 8 years before being made public.
Compromised data: Email addresses, Passwords, Usernames
VK logo
VK: In approximately 2012, the Russian social media site known as VK was hacked and almost 100 million accounts were exposed. The data emerged in June 2016 where it was being sold via a dark market website and included names, phone numbers email addresses and plain text passwords.
Compromised data: Email addresses, Names, Passwords, Phone numbers
Pastes you were found in
A "paste" is information that has been published to a publicly facing website designed to share content, usually anonymously. Often these are indicators of a data breach so review the paste and determine if your account has been compromised then take appropriate action such as changing passwords. Pastes are often removed shortly after having been posted. Read more on the pastes page.
Paste title Date Emails
letsencrypt leaked emails LE fail 15 Jun 2016, 13:59 1,233
No title 20 Aug 2015, 23:15 1,269
Paste title Date Emails
letsencrypt leaked emails LE fail 15 Jun 2016, 13:59 1,233
No title 20 Aug 2015, 23:15 1,269
Oh no — pwned!
Pwned on 5 breached sites and found 2 pastes (subscribe to search sensitive breaches)
Notify me when I get pwned Donate
Breaches you were pwned in
A "breach" is an incident where a site's data has been illegally accessed by hackers and then released publicly. Review the types of data that were compromised (email addresses, passwords, credit cards etc.) and take appropriate action, such as changing passwords.
Adobe logo
Adobe: In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, encrypted password and a password hint in plain text. The password cryptography was poorly done and many were quickly resolved back to plain text. The unencrypted hints also disclosed much about the passwords adding further to the risk that hundreds of millions of Adobe customers already faced.
Compromised data: Email addresses, Password hints, Passwords, Usernames
Gamerzplanet logo
Gamerzplanet: In approximately October 2015, the online gaming forum known as Gamerzplanet was hacked and more than 1.2M accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Lifeboat logo
Lifeboat: In January 2016, the Minecraft community known as Lifeboat was hacked and more than 7 million accounts leaked. Lifeboat knew of the incident for three months before the breach was made public but elected not to advise customers. The leaked data included usernames, email addresses and passwords stored as straight MD5 hashes.
Compromised data: Email addresses, Passwords, Usernames
MySpace logo
MySpace: In approximately 2008, MySpace suffered a data breach that exposed almost 360 million accounts. In May 2016 the data was offered up for sale on the "Real Deal" dark market website and included email addresses, usernames and SHA1 hashes of the first 10 characters of the password converted to lowercase and stored without a salt. The exact breach date is unknown, but analysis of the data suggests it was 8 years before being made public.
Compromised data: Email addresses, Passwords, Usernames
VK logo
VK: In approximately 2012, the Russian social media site known as VK was hacked and almost 100 million accounts were exposed. The data emerged in June 2016 where it was being sold via a dark market website and included names, phone numbers email addresses and plain text passwords.
Compromised data: Email addresses, Names, Passwords, Phone numbers
Pastes you were found in
A "paste" is information that has been published to a publicly facing website designed to share content, usually anonymously. Often these are indicators of a data breach so review the paste and determine if your account has been compromised then take appropriate action such as changing passwords. Pastes are often removed shortly after having been posted. Read more on the pastes page.
Paste title Date Emails
letsencrypt leaked emails LE fail 15 Jun 2016, 13:59 1,233
No title 20 Aug 2015, 23:15 1,269
Paste title Date Emails
letsencrypt leaked emails LE fail 15 Jun 2016, 13:59 1,233
No title 20 Aug 2015, 23:15 1,269
It tracks only public pastes etc. Not appearing on it does not necessarily mean nothing was pwned. Appearing on it does not necessarily mean your password was leaked (possible), but yes, your email was.
As I said, I did use another password. I knew that list already. The only breach where they could have my password from is the google account hack. But my passwords and email password are never the same.
It's easy for Cloudbet to point at this website. "Hey, it's your fault, you are on that website, change your password !".
I don't know how the hacker did this in my case, but there are some serious security issues at Cloudbet. That's for sure.
