Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsOff topicReusing passwords, possibly a NZ data breach and latest activities on Geekzone
freitasm

BDFL - Memuneh
80653 posts

Uber Geek
+1 received by user: 41045

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

#322601 3-Sep-2025 15:32
Send private message

Hi folks

 

I am looking at the Geekzone traffic and noticed that today we had a higher than normal number of accounts blocking from accessing Geekzone because the users have username and password leaked somewhere else.

 

As a reminder, every time you login we check for password leaks. If you user credentials (username or email + password) is found to be leaked somewhere else you will see a page asking you to reset your password via email. 

 

The attempts I've seen today all came from cloud providers outside New Zealand.

 

My guess is that there is a fresh data breach somewhere (New Zealand?) and these Bad Actors™️ are targeting New Zealand sites to validate the accounts. 

 

Make sure you do not reuse passwords - today's numbers tell me a few of you are doing exactly this. 




Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3
richms
29099 posts

Uber Geek
+1 received by user: 10210

Trusted
Lifetime subscriber

  #3410754 3-Sep-2025 15:40
Send private message

I love it when customers tell me that they know their password for our website is right because its the one that they use everywhere. They are normally the same ones that complain that we make them have 2 factor logins and its too much work to use the website.




Richard rich.ms



gehenna
8667 posts

Uber Geek
+1 received by user: 3883

Moderator
Trusted
Lifetime subscriber

  #3410757 3-Sep-2025 15:51
Send private message

richms:

 

I love it when customers tell me that they know their password for our website is right because its the one that they use everywhere. They are normally the same ones that complain that we make them have 2 factor logins and its too much work to use the website.

 

 

I see you've met my father-in-law!

freitasm

BDFL - Memuneh
80653 posts

Uber Geek
+1 received by user: 41045

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #3410759 3-Sep-2025 15:53
Send private message

I should add that there's a captcha shown when the reset page is loaded and only 20% passed today.

 

So definitely bots.

 

Also, we do rate limit so at some point these bots would be blocked. However nothing can be done if they try slowly.  

 

On the bright side, no account can be accessed until a password reset is performed, so even in case of a leak somewhere else this wouldn't be "validated" for these bots.




Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 



freitasm

BDFL - Memuneh
80653 posts

Uber Geek
+1 received by user: 41045

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #3410760 3-Sep-2025 15:55
Send private message

richms:

 

I love it when customers tell me that they know their password for our website is right because its the one that they use everywhere. They are normally the same ones that complain that we make them have 2 factor logins and its too much work to use the website.

 

 

Cue Trade Me users complaining about their accounts being compromised and Trade Me "not doing anything" as per the latest scare articles on Stuff.




Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 

Tinkerisk
4798 posts

Uber Geek
+1 received by user: 3660


  #3410816 3-Sep-2025 17:09
Send private message

So I should no longer use the year of death of Richard Marshal, 3rd Earl of Pembroke, who started a rebellion against King Henry III the previous year and lost the battle against English troops at Kildare, as my password? 🤔




- NET: FTTH & VDSL, OPNsense, 10G backbone, GWN APs
- SRV: 12 RU HA server cluster, 0.1 PB storage on premise
- IoT:   thread, zigbee, tasmota, BidCoS, LoRa, WX suite, IR
- 3D:    two 3D printers, 3D scanner, CNC router, laser cutter

dustysmurf
26 posts

Geek
+1 received by user: 26


  #3410822 3-Sep-2025 17:52
Send private message

gehenna:

 

I see you've met my father-in-law!

 


Guessing he must be mates with my Dad..(81 years old) .. "I don't care I get hacked"... sigh....

 

Sadly it's not possible to help some people.

 

 

 
 
 
 

Want to support Geekzone and browse the site without the ads? Subscribe to Geekzone now (monthly, annual and lifetime options).
Eva888
2762 posts

Uber Geek
+1 received by user: 2427

Lifetime subscriber

  #3410826 3-Sep-2025 18:15
Send private message

Dealing with friends yesterday who just got a new wireless modem and when I checked under for the password…oh my son changed it from the sticker underneath the modem to something easy. Their full legal names and the word home!

 

I didn’t want to interfere so shut up. 

richms
29099 posts

Uber Geek
+1 received by user: 10210

Trusted
Lifetime subscriber

  #3410829 3-Sep-2025 18:25
Send private message

Do you know how many people use their phone number and name as a password for a website, or the name of the site they are accessing.

 

Turns out when I dug into the database dump that our old site gave us to migrate to the new one they were storing plain text passwords. Oh My God, so so bad. None of those got converted and imported.

 

 




Richard rich.ms

Behodar
11099 posts

Uber Geek
+1 received by user: 6082

Trusted
Lifetime subscriber

  #3410876 3-Sep-2025 18:28
Send private message

I'm a moderator on another forum and something we've seen in the past is accounts (typically inactive ones, but not always) suddenly posting spam for dating sites. The IP addresses don't align with their "real" ones, and we came to the same conclusion: compromised accounts due to password leaks. It's been quiet for a number of months, but it's started to happen again in the past 2-3 days, so I suspect there was a new leak somewhere.

Linux
12182 posts

Uber Geek
+1 received by user: 8476

Trusted
Lifetime subscriber

  #3410877 3-Sep-2025 18:30
Send private message

I don't even know my own passwords to my online accounts and it is not due to old age

muppet
2643 posts

Uber Geek
+1 received by user: 1660

Trusted

  #3410879 3-Sep-2025 18:33
Send private message

The people who read this thread won't be the ones that need to.

 
 
 
 

Shop now on Samsung phones, tablets, TVs and more (affiliate link).
nztim
4013 posts

Uber Geek
+1 received by user: 2710

ID Verified
Trusted
TEAMnetwork
Subscriber

  #3410886 3-Sep-2025 18:57
Send private message

You should only know the password to your password manager




Any views expressed on these forums are my own and don't necessarily reflect those of my employer. 

Ragnor
8279 posts

Uber Geek
+1 received by user: 585

Trusted

  #3410890 3-Sep-2025 19:07
Send private message

freitasm:

 

As a reminder, every time you login we check for password leaks. If you user credentials (username or email + password) is found to be leaked somewhere else you will see a page asking you to reset your password via email. 

 

 

Are you using the Cloudflare leaked credentials detection for this? I was looking at using this for one of our domains.

 

Also obligatory check/register your email address in https://haveibeenpwned.com/ folks

freitasm

BDFL - Memuneh
80653 posts

Uber Geek
+1 received by user: 41045

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #3410892 3-Sep-2025 19:12
Send private message

Ragnor:

 

freitasm:

 

As a reminder, every time you login we check for password leaks. If you user credentials (username or email + password) is found to be leaked somewhere else you will see a page asking you to reset your password via email. 

 

 

Are you using the Cloudflare leaked credentials detection for this? I was looking at using this for one of our domains.

 

Also obligatory check/register your email address in https://haveibeenpwned.com/ folks

 

 

It is a two way approach. I use both the Cloudflare detection and the haveibeenpned password APi. This check happens on login only.




Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 

acsylaa
85 posts

Master Geek
+1 received by user: 66

Just Internet

  #3410896 3-Sep-2025 19:22
Send private message

freitasm:

 

Cue Trade Me users complaining about their accounts being compromised and Trade Me "not doing anything" as per the latest scare articles on Stuff.

 

 

Its trademe, would you expect anything less?

 1 | 2 | 3
View this topic in a long page with up to 500 replies per page Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright