Data Breach or Scam?

[Erwin]

Sometimes when I log onto this site I get a pop-up window supposedly from Google Chrome saying there has been a data breach and am advised to change my BF password.   Has BF been breached or is this phishing?

[mjkerner]

Never happened to me yet, Erwin, and I visit everyday. Probably phishing then.

[grungar]

I don't know if it will help and may be old news but chrome is or was very insecure compared to the default browser edge. my infor is about 2 years old. maybe you have already tried it? GL

[markshot]

Make sure Chrome, Windows, and Firewall/AV suite is up to date.

I haven't seen any trouble with the site, and I am sure BFC would be the first to notice any issue and inform the community.

It might be a man in the middle attack.  A DNS (Domain Name Server) has been compromised.  So, you do put in the right URL, but you are misrouted to a malicious site.  Due to Internet traffic patterns and load balancing, your routing might vary from forum session to the next.

Just use common sense.  If something looks fishy, it is.

Use complex passwords; not 12345678.

Don't use the same password for every site; especially banks, your IRA, sites with your credit card like Amazon and Steam.

I manage our computers here, and used to do this at the corporate level professionally.  Your greatest risk if you follow the above is not your personal PC, but some company that has you in their database getting hacked and coughing up 10,000,000 credit card numbers to the Dark Web.

[Commanderski]

4 hours ago, Erwin said:

Sometimes when I log onto this site I get a pop-up window supposedly from Google Chrome saying there has been a data breach and am advised to change my BF password.   Has BF been breached or is this phishing?

Probably a phishing scan as previously stated but if you want to be sure change your password through your profile from the BF site and not the link that pops up.

[Erwin]

Thanks for the responses.  Have to say am not too worried about someone coming onto this site and impersonating me.   If you see me make a stupid post, it will be the hacker, not I.

[BletchleyGeek]

It means that the password you use on the forums has been found by Google on a known database of hacked data (this same service is provided by the website  https://haveibeenpwned.com/). If you are using the same password on your online banking, netflix, amazon, etc. you should be changing it ASAP.

 

 

Edited January 1, 2020 by BletchleyGeek

[Erwin]

Quite correct, BG.  Cos I travel so much abroad and do not trust public sites, I never do any financial or sensitive stuff online.  The best thing about CC's is that the companies take responsibility for fraud very quickly and easily.  I always recommend that people never use debit cards as then fraud money gets sucked from your account immediately and then you have to prove it wasn't you to get refunded.  Much more dangerous and annoying.

It's interesting that in the UK for example, the banks are actively pushing people away from CC's to using Debit Cards for everything.  To me it's a way the banks want to push responsibility for losses onto the average person.  (Also, it means that it's your money is being sucked out of your pocket immediately, whereas you get up to a month interest free loan using a CC - assuming you pay off 100% every month.)  Maybe today it's not horribly hard to get refunded for debit card fraud.  But, I bet that when everyone has been pushed into using DC's, it will get harder to prove you are a victim and get refunded.

 

[Holien]

4 hours ago, Erwin said:

It's interesting that in the UK for example, the banks are actively pushing people away from CC's to using Debit Cards for everything.  

Not sure I have seen that in the UK?

I agree use a CC for everything you can.

[BletchleyGeek]

On 1/2/2020 at 5:01 AM, Erwin said:

Quite correct, BG.  Cos I travel so much abroad and do not trust public sites, I never do any financial or sensitive stuff online.  The best thing about CC's is that the companies take responsibility for fraud very quickly and easily.  I always recommend that people never use debit cards as then fraud money gets sucked from your account immediately and then you have to prove it wasn't you to get refunded.  Much more dangerous and annoying.

It's interesting that in the UK for example, the banks are actively pushing people away from CC's to using Debit Cards for everything.  To me it's a way the banks want to push responsibility for losses onto the average person.  (Also, it means that it's your money is being sucked out of your pocket immediately, whereas you get up to a month interest free loan using a CC - assuming you pay off 100% every month.)  Maybe today it's not horribly hard to get refunded for debit card fraud.  But, I bet that when everyone has been pushed into using DC's, it will get harder to prove you are a victim and get refunded.

 

My experience is even better @Erwin, my bank here in Australia recently cancelled one of my debit cards preemptively and sent to me a replacement via urgent post, as they had got evidence that the number (not the CVC) of the card had got compromised. That's pretty much the best we can expect from a bank.

I do reuse passwords for sites likes forums (e.g. Matrix, Battlefront, etc.). Surely more than one prospective "hacker" will have been disappointed following up that password seeking for gold and finding just commentary on nerdy stuff.