🐿️Pinecone Attack

c/cybersecurity-tips

3

foster.ruby•9h ago

Had to choose between a paid password manager or keeping my spreadsheet

I used a text file on my desktop for 3 years for passwords because I didn't trust cloud storage. Last month it got corrupted during a crash and I lost 40 logins. Switched to Bitwarden for $10 a year and now I actually sleep better. Anybody else hold onto bad habits way too long?

22

maxhart•18h ago

Just realized my 2FA codes leaked through a screenshot sharing tool

I saved a photo of my recovery codes to Google Drive and the pixel in the corner had my full backup details visible for 6 months before I noticed during a random audit, has anyone else accidentally exposed their own security like this?

10

beth_hunt•3d ago

That intern who used "Password123" for the company CRM

I work at a small marketing firm in Austin, and last week I noticed our intern kept logging into our client database without any two-factor prompts. Turns out he set his password to "Password123" and disabled the MFA because it was "annoying." I only caught it because the audit log showed 12 failed login attempts from a random IP in one afternoon. Has anyone else dealt with coworkers who fight you on basic security steps like enabling two-factor?

21

casey943•4d ago

Turned on 2FA for my email and got locked out for 3 days

I finally decided to turn on two-factor authentication for my Gmail last week. Used the authenticator app option since everyone says that's the safest. Well I got a new phone 2 days later and completely forgot to transfer the accounts over. Had to jump through hoops with recovery codes I barely remembered I saved. What I learned was to write down the backup codes and stick them somewhere obvious first. Has anyone else been burned by switching phones right after enabling 2FA?

7

xena_taylor64•5d ago

I chose a paid password manager over the free ones

Everyone says use Bitwarden or keep everything in your browser, but I went with 1Password after my cousin got his accounts drained from a browser leak. I pay $36 a year for the family plan and the convenience of sharing logins with my wife without typing them out. Anyone else think the free options are risky for more than just personal use?

12

gracecarr•5d ago

Can we talk about the time I got hacked at a coffee shop in Portland

I was at a Coffee House Northwest last month, sipping a latte and using their free WiFi to check my bank account... next thing I know, notifications about strange charges popped up. Turns out someone was packet sniffing on that network and grabbed my login info. Has anyone else been burned by public WiFi like this?

22

viola_cooper62•6d ago

That old IT guy told me to stop reusing passwords across accounts back in 2005 and I ignored him till I got hit

After losing access to 12 accounts because one forum got breached and they had my reused password, I finally switched to a password manager last month and now I wonder why it took me nearly 20 years to listen, has anyone else had that moment where one breach changed everything?

8

olivia573•7d ago

Why does nobody talk about how 2FA codes are easy to intercept on public WiFi

I was at a coffee shop downtown last Tuesday and overheard two guys talking about how they pull 2FA codes right off the air in busy places. They said most people don't know that SMS codes can be grabbed by a cheap radio setup for under $50. It made me think about how often I log into my bank on public networks without a second thought. I looked into it after and found out that app-based authenticators are way safer because they don't travel over the network. So now I only use Google Authenticator for my accounts, not SMS. Has anyone else switched to app-based codes after learning this?

19

garcia.charles•7d ago

Lost $200 to a fake antivirus renewal email last month

I got an email that looked exactly like my Norton renewal notice. Same logo, same font, even listed my old license number. I clicked the link and paid $200 for a 2 year plan without thinking twice. Turns out it was a phishing site that copied everything perfectly. My bank flagged the transaction as suspicious 3 days later. I got my money back but it took 2 weeks of calls. Has anyone else gotten fooled by these really well done fake renewal emails?

14

rivera.susan•8d ago

Got my bank account drained after using a public USB port at Denver airport

I was waiting for a layover at DEN last month and plugged my phone into one of those public charging stations by gate B42. Next thing I know, I get a fraud alert at 3am for $450 in gift card purchases. The bank says it was juice jacking - someone had modified the port to steal data. Now I only carry my own power bank and never plug into random USB ports anywhere. Has anyone else had this happen at an airport or hotel lobby?

9

the_wendy•9d ago

My neighbor laughed at me for using a password manager until his email got hacked

So my neighbor Mike, who works in IT by the way, told me last summer that password managers were just a scam to get your data. He said keep a notebook with your passwords like he does, it's safer. Well yesterday he knocked on my door panicking because someone got into his email and changed his bank passwords. He had the same password for everything, like 10 years old. Took him 3 hours on the phone with support to start fixing it. Now he's asking me which password manager I use. Anyone else have people in your life who ignored good advice until something bad happened?

24

reese550•11d ago

Just realized my password manager was the weak link the whole time

So I got hit with a phishing email last Tuesday that looked legit from my bank. I almost fell for it but caught it last second. Then I started thinking how did they even know I bank there? Turns out my password manager had a data breach back in March and I never updated any of my stored logins because I figured the encryption would save me. Nope. Now I'm going through and changing every single password manually and honestly I'm wondering if I'm better off just using a notebook and writing them down. Has anyone else had a password manager actually cause more problems than it solved?

21

the_jesse•12d ago

Finally figured out why my Netflix kept buffering - it was my own dumb router setup

I had my router sitting right behind my TV for like 2 years, never thinking about it. Then my buddy came over last week, looked at it, and asked why I had it crammed between a metal soundbar and a wall. He moved it 3 feet to the left and my connection went from 20 mbps to 150. I always thought dead zones were just something you put up with, but nope, I was literally blocking my own signal. Anyone else ever do something this stupid and not realize it for way too long?

2

the_joel•13d ago

Why does nobody talk about password managers vs. browser autofill for security?

Last month my buddy got his Facebook drained because he trusted Chrome's autofill on a sketchy site, but I've been using Bitwarden for 3 years without an issue. Do you think the slight inconvenience of a manager is worth it over the convenience of built-in autofill?

7

ryan653•15d ago

PSA: My router's firmware got silently changed overnight

Last week I noticed my home internet in Phoenix was crawling all of a sudden. I checked my router logs and saw the firmware had been updated without my permission at 3 AM on a Tuesday. The new version added a remote management port that was wide open for anyone to find. Has this happened to anyone else with a Netgear router?

12

the_amy•15d ago

My IT buddy told me to use a password manager and I blew it off for 2 years

He kept saying 'just use Bitwarden or something' and I kept typing the same 3 passwords everywhere until my email got hacked last March. Has anyone else had to explain to their bank that no, you did not buy $400 worth of gift cards in 10 minutes?

19

karen275•16d ago

A colleague told me my password manager was worse than nothing

I used to keep all my passwords in a text file on my desktop. One guy I work with saw it over my shoulder and said that's basically an invitation to get hacked. He showed me how to set up Bitwarden in about 10 minutes. Now I have unique passwords for every site and I don't have to remember any of them. Has anyone else had a rude awakening about their password habits?

15

lindaw29•16d ago

Switched from free AVG to paid Bitdefender after 3 malware hits

Free antivirus let three infections through in six months, but the paid one caught everything including a keylogger I didn't even know I had. Has anyone else noticed a big gap between free and paid security tools?

23

umab86•16d ago

I finally saw a fake login page at a coffee shop in Austin

Walked into this trendy spot on South Congress and their free WiFi login page asked for my social security number, which made me laugh out loud until I realized some people probably typed it in.

7

sullivan.elliot•16d ago

Spent 4 hours on a simple phishing email that looked totally real

Got an email yesterday that looked exactly like from my bank. Logo matched. URL looked right. I almost clicked. Something felt off so I checked the headers. Took 4 hours to trace it back to a spoofed domain. The real lesson? Never trust display names. Anyone else almost got caught by one that looked perfect?

16

johnson.adam•18d ago

Used to trust password managers completely until LastPass got hacked in 2022

Had all my passwords in LastPass for 5 years. After that breach I went through and changed every single one, then switched to Bitwarden. Took me two whole weekends to clean up the mess. Now I keep critical stuff like banking in my head or written on paper locked in my home safe. Has anyone else gone backwards like this after being burned?

9

the_kevin•20d ago

Burned $200 on a sketchy password manager that didn't work

I paid for this flashy password manager with vaults and sharing features, turns out it couldn't even sync across my phone and laptop. Anyone else fall for a paid tool that should have been free?

8

casey943•20d ago

Hit 500 unique passwords in my manager last week and had a mini panic attack

I was cleaning up my password manager last Tuesday and noticed the count hit 503. That's over 500 different logins I've accumulated across work accounts, old forums, streaming trials, and random signups. The absurd part is I recognized maybe 50 of them as things I actually use regularly. Made me wonder how many of those accounts still exist or if someone's sitting on my old Neopets login. Anyone else ever count their total and feel a little embarrassed?

32

robin777•21d ago

The moment I stopped reusing passwords after my email got hit

I got a notification from Have I Been Pwned that my email was in a breach from 2017, and it took me seeing all 47 compromised accounts linked to the same password to finally sign up for a password manager last week, anyone else have that wake up call happen from a specific site breach?

20

barnes.jamie•22d ago

Can we talk about how my old password manager just failed me out of nowhere

Last Tuesday I went to log into my bank and my password manager crashed, leaving me locked out with no way to retrieve any of my 200+ passwords. Had to spend 3 hours on the phone with customer support resetting everything manually - does anyone still trust cloud based password managers after something like this?