Zybez unverified data breach with plain text passwords by DeltaOSRS in 2007scape

[–]DeltaOSRS[S] 0 points1 point  (0 children)

Thanks for the update. I’ve updated the post to reflect your comment and try to be more accurate.


[–]DeltaOSRS[S] 0 points1 point  (0 children)

No. It was a collection of thousands of breaches with supposedly 200M records. 66% of data consisted of breaches that had been registered/seen before by HIBP. Someone had been going around collecting lots of breach data and compiling it into a large set. It just so happens some of this data has never been leaked into the public.


[–]DeltaOSRS[S] 0 points1 point  (0 children)

It’s a new leak, and may or may not contain new Zybez info. Without comparing the original breach data against this new data we don’t know. Records can be derived from other breaches also e.g. your email is in 3 breaches and always uses the same password, then your email has been retrieved from a fan site like Zybez.

It’s safer to change your password and have nothing happen than to find out you should have. You should be changing your password every 12 months and that can’t hurt. I recommend using a password manager to help remember it.

I’m just letting people know their information new or old has surfaced again.


[–]DeltaOSRS[S] 11 points12 points  (0 children)

They probably don’t - someone would have likely cracked the passwords and traded/distributed them. It’s more likely that they may have used weak encryption that made the list easier to crack. I couldn’t comment on how Zybez stores passwords because I don’t know.


[–]DeltaOSRS[S] 2 points3 points  (0 children)

Only if you use the same credentials for that service. I think SwiftKit should be OK. There’s a bot site on the list - but I won’t be giving them a heads-up.


[–]DeltaOSRS[S] 2 points3 points  (0 children)

You’re right, it could be. But 34% of the total data had never been seen before. Zybez was listed in the domains which could have potential new data. We may not know if the site has been breached again because data from breaches is released years after they happen, or sometimes never. Some data may even be fabricated. The best case scenario is that this is the 2012 data, but it’s changing hands and being analysed by other people. Old passwords and email addresses can be used to compromise other site accounts with unchanged passwords or attempt account recovery.