Nord User Forum

I just got information that my account on this forum have been picked up on a list of hacked account. Not a big deal on this forum, but if anybody use the same password on this forum as on other accounts - now is the time to change your passwords.

Thank you for letting that notification!

Do you have any hints if this is a problem that should come from stolen data from the website (which might affect all of us) or from your computer (which might be a problem for any other account you are using, but not others)? EDIT: Or to ask in another way: Is that list you were talking about an evidence that the forum system itself was hacked?

My login data from this site have *not* been leaked.

Are you certain that this is the only place you use those particular login credentials?

Also, note that iOS will warn you if a particular password has been scraped and shows up in a dump, even if the login name or e-mail address has not been associated with it. So, if anybody else has used the same password as you do here, on any site whose login data has been hacked anywhere on the internet, you will get a warning about this site.

This is because the first thing that hackers do when trying to compromise accounts is to check a list of things people have previously used as passwords.

FZiegler wrote:Thank you for letting that notification!

Do you have any hints if this is a problem that should come from stolen data from the website (which might affect all of us) or from your computer (which might be a problem for any other account you are using, but not others)? EDIT: Or to ask in another way: Is that list you were talking about an evidence that the forum system itself was hacked?

Got the info from Apples security check that credentials used on this forum have been leaked. No big deal for me since I have unique pass on different sites and this is a non vital site with no economical info. So I just reset this password.

analogika wrote:My login data from this site have *not* been leaked.

Are you certain that this is the only place you use those particular login credentials?

Also, note that iOS will warn you if a particular password has been scraped and shows up in a dump, even if the login name or e-mail address has not been associated with it. So, if anybody else has used the same password as you do here, on any site whose login data has been hacked anywhere on the internet, you will get a warning about this site.

This is because the first thing that hackers do when trying to compromise accounts is to check a list of things people have previously used as passwords.

Yes, I trust Apples security check pretty much so I am confident it was only from this site.

Gearnostalgia wrote:

analogika wrote:My login data from this site have *not* been leaked.

Are you certain that this is the only place you use those particular login credentials?

Also, note that iOS will warn you if a particular password has been scraped and shows up in a dump, even if the login name or e-mail address has not been associated with it. So, if anybody else has used the same password as you do here, on any site whose login data has been hacked anywhere on the internet, you will get a warning about this site.

This is because the first thing that hackers do when trying to compromise accounts is to check a list of things people have previously used as passwords.

Yes, I trust Apples security check pretty much so I am confident it was only from this site.

Does Apple's warning specifically state that your username and password from this website have been leaked?

Apple's security check (iOS 15.5) tells me that my password for this website has been seen elsewhere, which elevates the risk that this account might be easily compromised.

As I understand it, this means that it has NOT been scraped from this particular site, as that would lead to a warning that my login data (login name AND password) has been compromised. It just appeared in login dumps from somewhere, probably used by somebody else — or another of my accounts on a compromised website, where I was dumb enough to use the same password as here.

Can not remember exactly what the dialogue said, but I think it was "password used on nordlead forum has been picked up on list with stolen passwords". Or something like that. Is it possible to find those messages in some system log again?

That message only means that the password you use on this forum has also been found in some list of "stolen" passwords, not that it was stolen from this site, neither that it was yours (maybe someone else using the same pwd).

Maybe the password you use is too generic (or "easy") and/or you are using the same password on other websites and one of those has been hacked, instead.

Interesting fact. Never heard about that iOS security feature. I'm a total Windows guy.

So Apple would encourage you strongly to only use unique passwords? I'm not so sure that all my login data on any forum in my life would be unique. Do they provide a password manager software, too?

FZiegler wrote:Interesting fact. Never heard about that iOS security feature. I'm a total Windows guy.

So Apple would encourage you strongly to only use unique passwords? I'm not so sure that all my login data on any forum in my life would be unique. Do they provide a password manager software, too?

Password "Security Recommendations" is a feature which is part of iOS password management since iOS14, it analyzes various types of potential risks and highlights them, but as the name says they are suggestions, you are not forced to follow them if you evaluate the risk is low.

If you search the web for "apple password security recommendations" you can find many pages with more details about it.