All,
We have determined, unless additional useful info is found, that this is simply a case of either:
a) a new round of monitoring agencies finding or sharing the known data and starting to notify,
or
b) a case of the same info being posted, but in a new spot.
In either case, it appears the alert being sent is referencing the same data the haveibeenpwned.com website has been sending alerts for for some time now - not a new breach. The hack this thread is referencing is the one from 2012, long published about here, and on Phandroid, as well as many other sites around the web.
There is no indication of a new breach, or any since the 2012 incident. We have checked databases that hold this info for emails in our database both before and after said breach - and accounts from before were, of course, found - but none from after.
Pending any new accounts coming forward saying they are getting the alert - or Rob discovering anything from the monitoring agency in side-talks - we are confident this is simply a new alarm for an old breach. Plain text passwords are not for sale - if they are, they would have been rainbow'd, and that's effective mainly on simple or pattern'd passwords, like "password", "12345" and other dictionary terms and patterns.
Accounts newer than July 2012 were not, and as far as we know now, are not otherwise, affected.
All that said - we do still recommend you change your password here and on all sites that used shared passwords at the time if you've not yet done so - and we also recommend you enable two-step or dual/multi factor authentication anywhere you can. You can here on AF - on this page. You can do this with your Gmail account (which is highly recommended), here.
If unfamiliar with what that is - basically you are authenticated not just by password (what you know), but something else as well, like "what you have" (a code sent to your phone, for example). It adds a new layer, so if someone knows your password, they still need your phone with them to successfully log in. This is especially important for email, because getting access to most people's main email account gives them access to so, so many other things.
(Hey, side note - put a password/pin/pattern lock on your phone. The importance of this is highly, highly underrated. Why? Because in the world of Android and iOS - if they are in your phone, they are in your email and everything else.)
Appreciate all the alerts on this, we all hopped online to dig in - these sorts of things are not to be taken lightly. As you can see, we haven't even managed to recover fully, four years after the fact! I get emails thanks to this every week, sometimes every day. There are some sites/companies that downright crumble following a breach, it is not easy to deal with and definitely not something we want to see a repeat of - for us OR our members.
If you have any questions or concerns feel free to send me a Conversation/PM - or shoot me an email @ phases at neverstill dot com - I'll be happy to help.