Have I Been Pwned owner, pwned - Hypertext
htxt.co.za
A phishing attack managed to fool Troy Hunt into handing over MailChimp credentials.
  • A jetlagged Troy Hunt accidentally clicked a link and logged into an account only to realise he had been phished.
  • Despite reacting quickly, attackers were able to export a mailing list for Hunt’s personal blog.
  • Hunt has detailed the attack and warned his subscribers in a timely fashion.
  • VerPoilu@sopuli.xyzEnglish
    0·
    12 days ago

    He mentioned that he does and the password manager didn’t prompt to autocomplete the password automatically, so he had to force it.

    The thing that should have saved my bacon was the credentials not auto-filling from 1Password, so why didn’t I stop there? Because that’s not unusual. There are so many services where you’ve registered on one domain (and that address is stored in 1Password), then you legitimately log on to a different domain.

    • sugar_in_your_tea@sh.itjust.worksEnglish
      0·
      12 days ago

      Then add multiple URLs for that entry. You can even have it match on the base domain, so it works on any subdomain, or restrict it to a subdomain.

      I assume that works on 1Password, it works on Bitwarden at least.

      That said, I could see myself making this mistake. I’ve had to manually find entries before for one reason or another (e.g. usually use the app, but access the website this one time).

      • ricecake@sh.itjust.worksEnglish
        1·
        12 days ago

        It does work there. The unfortunate thing is that so many sites change their login structure often enough that it no unusual to discover that a site just changed again and you need to update the list.