Hello! Today I get information my password was leaked and I changed for new. That means the server Zorin was atacked from outside.
That is only my information because I don't have password in webbrowser.
Password transfer and storage are a little complex, so this does not necessarily mean that a hack occurred in a specific place. Notifications of such also are very zealous and will alert users if there is any doubt, whether it is confirmed their password was leaked or not.
That being said- alerting the ZorinGroup to your post.
@AZorin @zorink
Today I get information my passwords was leaked from ebay,epic,github and zorin.
I mean i was pwned.
I assume you believe your Zorin forum password has been leaked, not your computer password, and thus think the forum itself has been compromised? Do you have any evidence of this? I'm not seeing anything about eBay, Epic, Github, or Zorin in the screenshot you posted while mentioning them.
@Bourne The pwned list looks somewhat generic and not specific to one user. I am thinking it is just a scareware advert for 1Password manager and nothing more. I can see nothing related to Zorin.
Hello @Bourne,
Thanks for your post, we take reports of potential breaches very seriously. We have done some investigating - including checking our servers – but have been unable to find any evidence of a data breach of the Zorin Forum.
Our forum software (Discourse) hashes all user account passwords with a salt. This means the actual passwords are never stored in plain text on our database and the stored hashed data can't be converted back into the plaintext password. You can learn more about the security features of our forum software here.
The screenshot you shared from Have I Been Pwned doesn't contain any mentions of Zorin, but does mention the Linux Mint forum. It may have been the case that the password you set for your Zorin Forum account was reused across multiple other websites, one of which might have been breached. This could expose you to credential stuffing attacks.
We strongly recommend you to change your password across all your online accounts and to ensure that your password is unique on each website. In addition, it's best to set up two-factor authentication for additional security, which you can do on the Zorin Forum from your account Preferences > Security.
Nevertheless, if you do have any evidence of unauthorized access to your Zorin Forum account or of the forum being breached, could you please send it onto us by DM or email so that we could investigate it further?
I asked the developers server where i have connected this e-mail with Zorin and that information about leaked password to gived to me more information about how my password was taken.
I will get answear about working 1-2 days.
In translator from polish to english that means
4 hacked passwords.
Here is answear. I translated this here.
Good day,
Thank you for contacting Google Support. My name is Olivia and I am here to help you.
We understand that your app passwords have been compromised.
We would like to inform you that you have contacted the Google Support Team, which handles consumer inquiries about Google products. As a result, we are unable to provide you with assistance.
We suggest that you use Google Search to find the contact details of the app developers. They will be able to provide you with further assistance.
You can find more information on this topic in this article.
If you have any additional questions, please reply to this email and we will be happy to help! For additional help on other topics, you can always contact us through our Help Center.
Within 48 hours of our last interaction, you will receive an email with a short survey. We would be happy to hear your feedback on your experience with us and your overall rating of Google Support.
Best regards,
Olivia
Google Support Team
Did you read the response? It says:
So it looks like you accidentally contacted Google instead of whatever app / service notified you of a password leak. This response doesn't help identify which of your passwords have leaked, or from where.
I get information about leaked from google.
Well it could be a fake information?
Besides they answear me I am individual client then they cannot gived me any answear where the passwords could leaked.
So here we have answear like a ping-pong.
The most password what was stolen are 2 type identyfication with code to my mobile. Interesting when i deny from one that app authentication 2FA and closed that veryfication. About next minute I get second message to my mobile with code but I deleted 2FA verification. So somewhere is leaked not about 2 servers but somewhere middle when I send information and they are taken from someone else? Because why i get code password on my moblie if I deleted verification 2FA - Two Factor Authentication.
Besides that means like Google don't want sayed they servers are broken and passwords are stolen or they have problem with servers and cyberatacks. They are don't deny the password was stolen.
Hi @Bourne,
Are you using Google Password Manager/Password Checkup feature to receive the breach reports?
If so, they specifically notify you if the login details (username/email & password combination) you saved for a specific site have been found in any breaches across the web. This does not indicate that the specific site was breached, as the breach could have originated from any other site where you also used the same login credentials. The main purpose of this notification from Google is to warn you about vulnerability to credential stuffing attacks.
Given that you received a notification that your login details on multiple sites are unsafe (eBay, Epic, GitHub, and Zorin) it appears likely that you reused the same login details across multiple websites, increasing your risk of getting hacked elsewhere.
As I previously mentioned, we strongly recommend you to change your password across all your online accounts and to ensure that your password is unique on each website. In addition, it's best to set up two-factor authentication for additional security, which you can do on the Zorin Forum from your account Preferences > Security.
I don't know maybe google have old information about my passwords.
They send me new e-mail.
Thank you for contacting Google Support again and providing the information.
Please be advised that we at Google Support do not have detailed information on where the data leak may have occurred. For our part, we recommend that you secure your Google account.
Google takes online security seriously. To keep your account secure, we recommend that you perform the following steps regularly.
Important: We may use a red, yellow, or blue exclamation point icon to recommend immediate action on your Google Account. For more information, see Recommended actions.
Here is photo.
Under they gived me guide how to security and changing a passwords.
Well. I am not using the same passwords.
Here is example old password what I used only in Zorin
Z3tu5%7txX2jfmp+
The epic and e-bay also have only diffrent passwords
here is example 3DCX&pJ.J$a!c^t and /if3[/xz=?KRYt?
The passwords was changed of course.
If you think someone is trying to hack your account—or already has—we’ll work with you to secure it. For your protection, we may place a temporary hold on your account.
Quick tip
If you can’t sign in to your account, contact us immediately and we'll help to secure it.
If you think your account has been hacked, first check if anyone with access to your account made changes to it, or used it to either buy or sell.
What to do if your account has been hacked
If you can sign into your account
- Change your password - opens in new window or tab immediately.
- Verify your contact information, shipping addresses and payment details - opens in new window or tab. If anything was changed by the person who hacked your account, change it back.
- Check your active bids and listings to make sure they’re yours.
Contact us for help with removing unauthorized bids or listings. If there’s been no fraudulent activity on your account, you don’t need to contact us.
If you can’t sign into your account
If you can’t sign in to your account, contact us immediately.
Tip
If you believe your eBay account has been hacked, we recommend changing the password on your personal email account as well. Your email account password should be different from your eBay password.
This I have on ebay.
Propably I get the same answear what I get from google.
I also contacted with another platform epicgames.
The most problem on they all services they are bot chats.
This is answear from Epic Games.
Hi!
This is the Epic Games Support Department.
I have thoroughly checked the account in question and do not see any unwanted activity on it. Additionally, there was no password leak on any Epic Games server.
However, the situation you describe indicates a data leak that led to unauthorized theft of your data by other parties. I recommend you change your passwords and email address.
Please check this link: https://www.fortnite.com/news/protecting-your-epic-account?lang=pl where it is described how to keep your account safe.
And when it comes to investigating the cause more thoroughly, I suggest you go to this link: https://haveibeenpwned.com/ where you can enter your email address and check if it is included in known databases. If this is the case, it's best to assume that the password associated with this service is publicly known and immediately change it in all accounts that use it (not just your Epic account!).
How did you get this notification: email, SMS, WhatsApp? Can you show the original notification? Have you verified the sender? So far, it all points to a scam or phishing attempt of some sort.
Also, in your early screenshot about HIBP, multiple accounts show up. This indicates that you've reused your credentials, either email, password or both.
HIBP is a well-known online service, even before their disclosed partnership with 1Password.
From pwned I NEVER was on SOCRadar.
Besides it gived me info on another my account e-mail where was only 4 app and the password was changed.
I don't know how to "reading" that.
I am not scared. I am just curious.
It is some scam informations?
Because all "american friends" - They sayed "In our hands the world is safety". Because most that websides and corporation are in american zone.
It could be. Based on what I've read in this thread so far, it probably is. Was there any information that you could use to identify the sender? It's important to not jump to conclusions without knowing at least this.
how did you get the information ? did you enter your email in HIBP ?
did you use the same email acc for all those sites ?
it could be that your email with password was compromised , so everywhere you signed up with that email would potentially show up as been pawned.
change your email password