this post was submitted on 27 Mar 2025
663 points (99.0% liked)

  • A jetlagged Troy Hunt accidentally clicked a link and logged into an account only to realise he had been phished.
  • Despite reacting quickly, attackers were able to export a mailing list for Hunt’s personal blog.
  • Hunt has detailed the attack and warned his subscribers in a timely fashion.
[–] heavy@sh.itjust.works 134 points 4 days ago (3 children)

Solving the "being human" part of security will probably never happen, which is why you're encouraged to do stuff like use 2FA, different passwords, service isolation and stuff like that.

Anyone and everyone can be fooled at some point, best to try and limit the damage.

[–] Auli@lemmy.ca 26 points 4 days ago (2 children)

I just never click links in email.

[–] Jessica@discuss.tchncs.de 9 points 3 days ago (1 children)

If you use a password manager, it won't fill credentials because it will be the wrong domain.

[–] mattd@programming.dev 3 points 2 days ago

Unfortunately, the article said he just put in his credentials anyway, even though his password manager wouldn’t autofill for him. Pretty stupid, but at least he acknowledges it.

[–] Nalivai@lemmy.world 3 points 3 days ago (1 children)

I clicked one once by accident when trying to select it. You can be as diligent as you want, but you still will slip up from time to time.

[–] SaharaMaleikuhm@feddit.org 2 points 3 days ago (1 children)

Should have put the safety on. You need some trigger discipline.

[–] Empricorn@feddit.nl 2 points 3 days ago

Never point an email at something you're not willing to click.

Exactly. Put as many obstacles as possible into the path of scammers, and give yourself as many chances as possible to stop said scammers, and all without making services too annoying to use.

MFA + password manager seems to work well.

[–] Cornelius_Wangenheim@lemmy.world 4 points 4 days ago* (last edited 4 days ago)

FIDO2 and security keys are the closest things we have to a solution. Unfortunately, far too few companies support them. It would have saved him here because each credential only works with the proper URL for it.
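
The origin binding described in the comment above, as an added example that is not part of the thread: a simplified Python model of a WebAuthn login showing why a look-alike domain gets no usable assertion. The domain names are constructed, HMAC stands in for the security key's real public-key signature, and the authenticator data is reduced to the RP ID hash.

```python
import hashlib, hmac, json, os

RP_ID = "mail.example"                    # constructed relying-party ID
EXPECTED_ORIGIN = "https://mail.example"  # origin the real site accepts

class Authenticator:
    """Toy security key: one secret per RP ID (HMAC stands in for ECDSA)."""
    def __init__(self):
        self._keys = {}

    def register(self, rp_id):
        self._keys[rp_id] = os.urandom(32)
        return self._keys[rp_id]          # a real key exports only a public key

    def get_assertion(self, rp_id, client_data):
        key = self._keys.get(rp_id)
        if key is None:
            return None                   # no credential scoped to this RP ID
        auth_data = hashlib.sha256(rp_id.encode()).digest()
        msg = auth_data + hashlib.sha256(client_data).digest()
        return auth_data, hmac.new(key, msg, hashlib.sha256).digest()

def browser_get(authenticator, page_origin, rp_id, challenge):
    """The browser, not the page, writes the real origin into the client data."""
    host = page_origin.split("://", 1)[1]
    if host != rp_id and not host.endswith("." + rp_id):
        return None                       # a page may not claim another site's RP ID
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": challenge.hex(),  # hex for brevity
                              "origin": page_origin}).encode()
    result = authenticator.get_assertion(rp_id, client_data)
    return None if result is None else (client_data, *result)

def rp_verify(key, challenge, assertion):
    """Server side: check origin, challenge, RP ID hash, then the signature."""
    if assertion is None:
        return False
    client_data, auth_data, sig = assertion
    data = json.loads(client_data)
    msg = auth_data + hashlib.sha256(client_data).digest()
    return (data["origin"] == EXPECTED_ORIGIN
            and data["challenge"] == challenge.hex()
            and auth_data == hashlib.sha256(RP_ID.encode()).digest()
            and hmac.compare_digest(sig, hmac.new(key, msg, hashlib.sha256).digest()))
```

A phishing page can still collect a typed password, but here it has nothing to relay: the browser will not let it request the real site's RP ID, and the key holds no credential for the look-alike one.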