a.x61.sh

15M Trello accounts have been leaked (lemy.lol)
from Blaze@lemmy.zip to securitynews@infosec.pub on 23 Jan 2024 01:04
https://lemmy.zip/post/8808406

cross-posted from: lemy.lol/post/18411383

I just got the email from haveibeenpwned. F Trello.

#securitynews

threaded - newest

HeartyBeast@kbin.social on 23 Jan 2024 01:17 next collapse

Thanks for the heads-up, I've just changed my password

Edit - Duh, passwords weren't actually leaked - the ttackers queried Trello with email addresses and got back names, usernames and if the addresses were valid.

infinitevalence@discuss.online on 23 Jan 2024 01:58 next collapse

Well I deleted my account today so good job I guess.

EmperorHenry@infosec.pub on 23 Jan 2024 05:25 collapse

remind me again how digital IDs are going to make us safer when every company with people’s personal details is constantly getting hacked?

ComradeKhoumrag@infosec.pub on 27 Jan 2024 08:22 collapse

Centralized or decentralized digital ID?

EmperorHenry@infosec.pub on 28 Jan 2024 05:20 collapse

Neither! They’re both a bad idea.

ComradeKhoumrag@infosec.pub on 28 Jan 2024 10:16 collapse

If it’s decentralized, you’re original point about companies being able to get hacked doesn’t apply anymore

EmperorHenry@infosec.pub on 28 Jan 2024 22:23 collapse

Digital IDs are still horrible.

ComradeKhoumrag@infosec.pub on 29 Jan 2024 00:41 collapse

The current ID system we have - social security numbers - are infinitely worse. Add 1 to it and it’s another valid SSN. Most of the numbers can be determined with regional info

EmperorHenry@infosec.pub on 30 Jan 2024 03:16 collapse

I don’t know who’s paying you and all the others to say that shit, but digital IDs aren’t about keeping anything safe, it’s about controlling the population and locking them out of society when they misbehave. If you make any political statement that rocks the boat you don’t exist anymore. If you become a whistleblower, you don’t have any freedom anymore. If you do anything at all that the oligarchs don’t want you to do, you’re not a person anymore.

ComradeKhoumrag@infosec.pub on 31 Jan 2024 02:37 next collapse

No one’s paying me anything, and I’m well informed of the civil liberty issues surrounding government IDs in general, let alone digital or paper.

What I am referencing is decentralized digital ID. There is no ominous they or third party who could control you with a decentralized digital ID. We already have a pretty shitty ID system, but a better ID system with less centralized control can exist

EmperorHenry@infosec.pub on 31 Jan 2024 23:09 collapse

digital IDs are still hackable, even if you have total control over your own, it’s still hackable and it gets tracked everywhere you have to show it.

ComradeKhoumrag@infosec.pub on 01 Feb 2024 02:45 collapse

Everything is hackable, even the current form of id we have which is SSN. Decentralized digital ID is orders of magnitude harder to hack, and has even less government control over the ID process. The expectation value to crack modern encryption is measured on eons even if you’re using all the power in the sun and physically perfect efficiency in energy to computation conversion

EmperorHenry@infosec.pub on 01 Feb 2024 06:00 collapse

Everything is hackable,

and digital ID won’t make it any better

furysama@mastodon.straylight.engineering on 01 Feb 2024 07:24 collapse

@EmperorHenry do... Do you think you're somehow immune to this today? People who piss off the powers that be today are silenced pretty effectively. Nobody needs any digital ID infrastructure to do that.