# random
b
https://slf2rrahypck3bwckpdohsnhpeqrb3nhvwznjmarmweofwnptowe4mad.onion.ly/ Dominos being hacked. Just an email or phone number and it gives all our details of when we ordered and at what price! People ordering pizza, pls take care. It shows the home address we order to as well.
😱 2
w
2021 seems to be the year of data breaches. Bigbasket had also leaked data. Interestingly enough, a few hackers used the same credentials leaked in there on Flipkart and redeemed lots of coins! Goes without saying why everyone needs to use a password manager & unique passwords which are not related to any other password.
f
This is now so common in India, I am not even surprised. At least global firms receive flak for not taking privacy seriously. Meanwhile, every time there's a data leak in India, some CEO decides to hire even more TCS/Wipro interns for cost cutting.
💯 1
h
2021 motivated me to pay for a 1Pass subscription. I had been delaying it for too long.
➕ 1
e
A very naive doubt: why is it recommended to use a password manager? What if the password manager gets hacked? Does it mean that 1password is unhackable?
w
@early-furniture-69813 most password managers encrypt and decrypt the password database before it leaves the computer to be saved on the server. So even if their server gets compromised, the data there is gibberish without the hackers knowing the master passwords for all users. It's usually better to use open source password managers like KeePassXC, but even proprietary ones are good.
👍 1
f
If you have an Apple device, check out Dashlane. Their premium plan is dirt cheap in India. Just 149 per year. After subscribing on iOS you can also use it on other devices.
k
I can't live without 1pass, seriously one of those rare software products that has made life 100x better.
g
I've been using Bitwarden. Completely free and open source. I took the premium plan just to support the developers.
👍 1
c
@wide-twilight-82330 how would that be possible? I thought bb and other companies store a cryptic hash which can't be reverse engineered to the password.
w
@calm-gigabyte-36239 password, password1, password2: each of them will have a different hash, but by brute force it is very easy to figure out a pattern (append an integer) in the above case. So if someone knows the password is somethingrandom123, he can very well try the same password or a similar one, say somethingrandom123456, at another site for the same username. The chances are quite likely that it will hit.
c
I agree, but bb is not storing the password in plain text, i.e. somethingrandom123. Instead it'd be storing a SHA hash (with salt), so it'll come in the breach like fjr0ej39fjso3(is'ksp. This makes it impossible for a hacker to reverse engineer it to somethingrandom123.
w
@calm-gigabyte-36239 check this https://digitalvarta.in/2021/05/12/flipkart-gets-caught-in-bigbasket-data-leak-aftermath/ Technically what you're saying is right, but it would be foolish to assume reverse engineering using brute force is not possible. Short / simple passwords can be easily cracked through brute force - the cost increases exponentially with GPU / FPGA based hardware with the increase in length. So in a dump of 10k users, even if the hacker is able to crack 100 of those using hardware he's won the game. The problem here lies in the fact that people do use simple passwords that are easy to recall and the passwords typically don't vary much across sites, or in most cases do not vary at all.
c
Thanks for the article. I think bb might have used weaker hashing algorithms, which made brute forcing simple passwords much easier for hackers.