# I am the Watcher. I am your guide through this vast new twtiverse.
#
# Usage:
# https://watcher.sour.is/api/plain/users View list of users and latest twt date.
# https://watcher.sour.is/api/plain/twt View all twts.
# https://watcher.sour.is/api/plain/mentions?uri=:uri View all mentions for uri.
# https://watcher.sour.is/api/plain/conv/:hash View all twts for a conversation subject.
#
# Options:
# uri Filter to show a specific users twts.
# offset Start index for quey.
# limit Count of items to return (going back in time).
#
# twt range = 1 36
# self = https://watcher.sour.is/conv/7ycjsea
Hmmm looks like my LinkedIn password is compromised π±
Hmmm looks like my LinkedIn password is compromised π±
Hmmm looks like my LinkedIn password is compromised π±
Hmmm looks like my LinkedIn password is compromised π±
Some asshole from Oregon, USA on a shitty Window PC π³
Some asshole from Oregon, USA on a shitty Window PC π³
Some asshole from Oregon, USA on a shitty Window PC π³
Some asshole from Oregon, USA on a shitty Window PC π³
Interesting this about this incident, is that my LinkedIn password _was_ a 14 character long cryotograhpically generated passwords. I suspect LinkedIn has had a data breach π€
Interesting this about this incident, is that my LinkedIn password _was_ a 14 character long cryotograhpically generated passwords. I suspect LinkedIn has had a data breach π€
Interesting this about this incident, is that my LinkedIn password _was_ a 14 character long cryotograhpically generated passwords. I suspect LinkedIn has had a data breach π€
Interesting this about this incident, is that my LinkedIn password _was_ a 14 character long cryotograhpically generated passwords. I suspect LinkedIn has had a data breach π€
@prologic How do you know the password itself was leaked, as opposed to some other type of compromise?
@abucci @bender just asked that very question on IRC π€£ Nope I didn't leave a session open anywhere on any devices I don't control or actively use. No the password is not reused anywhere. It is pretty damn strong (or was).
@abucci @bender just asked that very question on IRC π€£ Nope I didn't leave a session open anywhere on any devices I don't control or actively use. No the password is not reused anywhere. It is pretty damn strong (or was).
@abucci @bender just asked that very question on IRC π€£ Nope I didn't leave a session open anywhere on any devices I don't control or actively use. No the password is not reused anywhere. It is pretty damn strong (or was).
@abucci @bender just asked that very question on IRC π€£ Nope I didn't leave a session open anywhere on any devices I don't control or actively use. No the password is not reused anywhere. It is pretty damn strong (or was).
Anyway, generally speaking it's a good reminder to go audit your password database
Anyway, generally speaking it's a good reminder to go audit your password database
Anyway, generally speaking it's a good reminder to go audit your password database
Anyway, generally speaking it's a good reminder to go audit your password database
@prologic Old OAuth/app connections can be an attack vector. A Microsoft account connected with your LinkedIn account could also be an attack vector--the Microsoft account is a distinct thing, and could be compromised and then used to access your LinkedIn account.
Unfortunately these things tend to be very leaky and have big attack surfaces. I wouldn't jump to the conclusion that your password was what was breached unless you have evidence that's what happened. I'd change your password and set up 2fa just to be safe, but I wouldn't stop there--I'd audit anything that can access the LinkedIn account in any way, and cut those off if you can.
@abucci No other types of auth are linked. 2FA protected me in this case. No other sessions anywhere. The attempted login was from Oregon, US. So π€·ββοΈ Really weird, I mean, what else do you think _might- have happened here? π€
@abucci No other types of auth are linked. 2FA protected me in this case. No other sessions anywhere. The attempted login was from Oregon, US. So π€·ββοΈ Really weird, I mean, what else do you think _might- have happened here? π€
@abucci No other types of auth are linked. 2FA protected me in this case. No other sessions anywhere. The attempted login was from Oregon, US. So π€·ββοΈ Really weird, I mean, what else do you think _might- have happened here? π€
@abucci No other types of auth are linked. 2FA protected me in this case. No other sessions anywhere. The attempted login was from Oregon, US. So π€·ββοΈ Really weird, I mean, what else do you think _might- have happened here? π€
@prologic That's a good opportunity to remove your account. :-)
@lyse Yeah it is I think! π€£ And actually @abucci I figured out what's going on... It not that my password or a session was compromised. My account is under attack. Someone is trying to hack it (albeit badly) by hitting the password reset form and entering my email address. So what the attackers have is a) My LinkedIn account and b) My email address. Or this is a widespread attack to break into accounts and reset passwords? But... How dafuq does this attack work when you have to have access to the email account as well to get the password reset pin?! π³
@lyse Yeah it is I think! π€£ And actually @abucci I figured out what's going on... It not that my password or a session was compromised. My account is under attack. Someone is trying to hack it (albeit badly) by hitting the password reset form and entering my email address. So what the attackers have is a) My LinkedIn account and b) My email address. Or this is a widespread attack to break into accounts and reset passwords? But... How dafuq does this attack work when you have to have access to the email account as well to get the password reset pin?! π³
@lyse Yeah it is I think! π€£ And actually @abucci I figured out what's going on... It not that my password or a session was compromised. My account is under attack. Someone is trying to hack it (albeit badly) by hitting the password reset form and entering my email address. So what the attackers have is a) My LinkedIn account and b) My email address. Or this is a widespread attack to break into accounts and reset passwords? But... How dafuq does this attack work when you have to have access to the email account as well to get the password reset pin?! π³
@lyse Yeah it is I think! π€£ And actually @abucci I figured out what's going on... It not that my password or a session was compromised. My account is under attack. Someone is trying to hack it (albeit badly) by hitting the password reset form and entering my email address. So what the attackers have is a) My LinkedIn account and b) My email address. Or this is a widespread attack to break into accounts and reset passwords? But... How dafuq does this attack work when you have to have access to the email account as well to get the password reset pin?! π³
@prologic bit of an edge case but depending on the number of emails youβre getting for a password reset, they could be doing a widespread attack to cause notification fatigue for when they send out mass phishing emails.
In reality, this attack would look like:
Attacker uses a script to cycle password resets -> user gets fatigued due to number of password reset emails -> phishing email sent -> user uses malicious link and form to provide the attacker with their credentials.
If youβre only getting a couple of these, probably not but could also be spread across weeks or months of 1 per day. I personally havenβt seen this attack in practice, but could be a possibility
@screem Thanks for the insight π
@screem Thanks for the insight π
@screem Thanks for the insight π
@screem Thanks for the insight π