AmberCutie's Forum
An adult community for cam models and members to discuss all the things!

Instagram hacked.

  • ** WARNING - ACF CONTAINS ADULT CONTENT **
    Only persons aged 18 or over may read or post to the forums, without regard to whether an adult actually owns the registration or parental/guardian permission. AmberCutie's Forum (ACF) is for use by adults only and contains adult content. By continuing to use this site you are confirming that you are at least 18 years of age.
Status
Not open for further replies.

Shaun__

V.I.P. AmberLander
Jul 16, 2011
5,906
10,298
793
Instagram has been hacked, and some user's phone numbers and email addresses are being sold. You might want to be on the lookout for fishy activity if you have an account. Link
 
Hopefully cam models do not use their phone number on instagram and only use their stagename email...
 
Also shows importance of not using same passwords for other sites as your email. Using that website (haveibeenpwned) my email matches with leaks from linkedin, adobe, daniweb, phpfreaks, vbulletin, gamingo, evony etc.Not saying anything about instagram, but some of the others have leaked passwords as well as your email, and if you use the same password...
 
Also shows importance of not using same passwords for other sites as your email. Using that website (haveibeenpwned) my email matches with leaks from linkedin, adobe, daniweb, phpfreaks, vbulletin, gamingo, evony etc.Not saying anything about instagram, but some of the others have leaked passwords as well as your email, and if you use the same password...
Yes this only had passwords and emails, but all it takes is a clever person that is good at social engineering and they would be able to get a new sim card for one of the leaked numbers and then they can start getting into stuff that uses SMS as a single authentication factor for lost password requests. An example were an attack such as this would work would be against a user that has a hotmail/live/outlook email address. This is why a leak with only email addresses and phone numbers is still a problem because all it takes is that someone at the cellphone carrier is lax about security for this to become a serious issue.
 
Agreed. Unique password for every account. Every. Account.

Two factor authentication wherever possible, and a password safe/vault for generating strong password and storing them.
 
  • Like
Reactions: ExcellaExe
Agreed. Unique password for every account. Every. Account.

Two factor authentication wherever possible, and a password safe/vault for generating strong password and storing them.

It isn't necessary for a unique password for every account. There's no need for me to have a unique password on every gaming forum - for example.

Different passwords for important things, yes, of course. But for trivial ones (like forums) - no.

The reason is that unless people use password managers then they tend to get overloaded with the passwords to remember. Because of this they then select easy to remember passwords. I don't mean they choose password123, although statistically still chosen a lot, I mean that they start using repeatable and therefore flawed logic in password choice. Such as adding numbers - corresponding to their date of birth. If they have to change a password regularly, they generally add 1 to the end of it each reset time - i.e. password1, password2, password3... etc

So having 20 gaming forum accounts with different passwords, which are then identifiable via my email address amongst leaked lists, will potentially reveal my password strategy. Nearly all of us have one unless you use password managers exclusively. Most people will have patterns in how they constructed passwords. Birth date years, old addresses, telephone numbers, post codes, car plates, pet names, siblings, favourite personalities, or the inclusion of colours, or a theme of some description. It's how our brains work, makes us predictable, and therefore easy to defeat.
 
  • Like
Reactions: Fatquack
It isn't necessary for a unique password for every account. There's no need for me to have a unique password on every gaming forum - for example.

Different passwords for important things, yes, of course. But for trivial ones (like forums) - no.

The reason is that unless people use password managers then they tend to get overloaded with the passwords to remember. Because of this they then select easy to remember passwords. I don't mean they choose password123, although statistically still chosen a lot, I mean that they start using repeatable and therefore flawed logic in password choice. Such as adding numbers - corresponding to their date of birth. If they have to change a password regularly, they generally add 1 to the end of it each reset time - i.e. password1, password2, password3... etc

So having 20 gaming forum accounts with different passwords, which are then identifiable via my email address amongst leaked lists, will potentially reveal my password strategy. Nearly all of us have one unless you use password managers exclusively. Most people will have patterns in how they constructed passwords. Birth date years, old addresses, telephone numbers, post codes, car plates, pet names, siblings, favourite personalities, or the inclusion of colours, or a theme of some description. It's how our brains work, makes us predictable, and therefore easy to defeat.

Different strokes, different folks. I used to subscribe to this theory as well. Then, started seeing a lot of forum platforums I was on (vBulletin, phpb, etc) starting to report they were having to do massive security updates. At this point, I went to unique password for every account. Shortly after, reports started coming out about a few of the forums I was on started to get hacked. While concerning, I wasn't too terribly worried, as I had a generic email account for forums and with unique strong passwords, it wasn't a scramble.

But, yes, you are correct in how people are lazy and become predictable with account credentials. Whether shitty passwords, or they allow them to be saved in browser cache. Due to this, and the fact that most forums are not updated like they should be, is why I have unique strong passwords and use a password manager. Have for many years.

Due to these security breaches, is why I wish more online entities such as forums, businesses, etc would delete accounts upon request.
 
Status
Not open for further replies.