Albion Online is an online game and their forums were recently hacked, as per an email they sent out to affected accounts. Hackers made out with hashed passwords and plain emails. Evidently they managed to decrypt the passwords, because I’ve had a couple of connection attempts on other websites.

Thankfully this time it was my old email address that I practically never use (and that has been in at least 10 dumps over the years lol), and it seems nobody has been able to access the email itself. I have now enabled 2FA on everything I can (also I hope Lemmy will offer an open-source 2FA option down the line!). Protect your logins; all it takes is one hack on a badly-protected website to put everything at risk.

There’s no miracle to do that. Use unique passwords (Firefox now offers to create and manage your passwords and sync them across devices), enable 2FA when you can, and if possible replace your email addresses on your accounts once they’ve been compromised. You can check https://haveibeenpwned.com/ or register on Firefox Monitor to get emails when your data is compromised (uses haveibeenpwned data).

What grinds my gears with this mostly is you sometimes have to create an account on some obscure website that you know you’re never going to use again (maybe an online shop that requires you to make an account). You don’t know how they protect their database. In this case you can use a burner email and a unique password, but you never know if they take security seriously anyway. Maybe they’ve been hacked already and never said because they wouldn’t even know. And with major email providers all requiring a unique phone number now, you can’t even make burner accounts on their service.

  • Makan ☭ CPUSA
    24 years ago

    Burner email?

    I really need to learn the terminology…

    😅

    • @CriticalResist8OPMA
      34 years ago

      Your burner email is basically like a burner phone, a temporary email that you only use to receive spam on. It has various uses:

      1. If I expect the website to send me spam, I don’t care because it goes on an email account I never use anyway. I only need it to register and confirm my account.
      2. It allows me to avoid giving one website too much info. If they only have my email and a unique password (not my name, address, or credit card info), then I’m not really worried if they get hacked down the line. It can’t be traced back to my actual email addresses, and if they add the password to their rainbow tables (to bruteforce it later), it won’t get my accounts hacked.

      As I wrote in the other thread, I use Mailinator because it’s really simple, but there are other burner email services out there that offer some more privacy. Mailinator isn’t great because you can only receive emails, not reply, and anyone that knows the address can see the emails you’ve received. There used to be free services that allowed you to generate an email that only you can use, don’t know if they still exist.