My TradingView Account Got Hacked!

[schizo]

Where did you see that message? I use TradingView too and I didn't see this message anywhere.

Google Chrome/Password Manager/Checkup.

Of course, you won't ever be notified your password has been compromised unless you first allow Google to handle it, which will check for data breach. However, that's the Catch-22, ain't it? Can you really trust Google with all your passwords? But if you store your passwords offline, obviously you would never know if your passwords are compromised or not (unless you scour the dark web and pour through data dumps yourself).

 

[schizo]

You trust google to manage your passwords?!!!

I'm not the trusting type with password managers, so I keep my own keys (not passwords) in a securely encrypted file. Then I hash the keys into the actual passwords with a password generator roughly similar to the one I posted here. Then I copy and paste the actual passwords as needed.

Using a password generator like that after rearranging the characters in the secret key inside it makes the password generator unique to you. Of course, one would have to keep the password generator and the keys to the actual passwords secure and backed up.

See my previous reply.

 

[schizo]

Hacking has become very easy. make sure to change your passwords once a while or use google authenticator for security if you wanna be safe.

I should, but it's kinda pain in the ass, especially when I'm working on the desktop.

 

[schizo]

You trust google to manage your passwords?!!!

I'm not the trusting type with password managers, so I keep my own keys (not passwords) in a securely encrypted file. Then I hash the keys into the actual passwords with a password generator roughly similar to the one I posted here. Then I copy and paste the actual passwords as needed.

Using a password generator like that after rearranging the characters in the secret key inside it makes the password generator unique to you. Of course, one would have to keep the password generator and the keys to the actual passwords secure and backed up.

Also I forgot to mention that no matter how secure the password is (eg. I store it offline with maximum encryption and I change it often), if the website can't keep it under lock and key on their end, it's kinda pointless. It will get hacked no matter what. And that's what happened with TradingView.

 

[TheDawn]

Google Chrome/Password Manager/Checkup.

Of course, you won't ever be notified your password has been compromised unless you first allow Google to handle it, which will check for data breach. However, that's the Catch-22, ain't it? Can you really trust Google with all your passwords? But if you store your passwords offline, obviously you would never know if your passwords are compromised or not (unless you scour the dark web and pour through data dumps yourself).

Ok. I was wondering cuz I didn't see any announcement or news anywhere about a data breach at tradingview.com. No I don't use Google or anybody to manage my passwords. Cuz how do you know Google won't have a data breach one day and whether they are managing your passwords properly? Like in this case, this is obviously a false alarm. Or is tradingview.com hiding an actual data breach?

 

[schizo]

Like in this case, this is obviously a false alarm. Or is tradingview.com hiding an actual data breach?

But as I stated above, you can take all the precaution as you want (eg. strengthen the password, change it frequently), but if the website can't protect it from hackers, then it's pretty much useless.

Anyway, if you use TV, I suggest you change your password. You just never know if there was a data breach. These idiots might not admit it now but they might down the road.

 

[ph1l]

But as I stated above, you can take all the precaution as you want (eg. strengthen the password, change it frequently), but if the website can't protect it from hackers, then it's pretty much useless.

If the leaked passwords are hashed (and no legitimate busines should be storing plaintext passwords), making the password long and complicated makes it much harder to find the actual password.

That's where a password generator like the one I referred to before could be useful because password generators can easily create long, complex passwords.

 

[Overnight]

View attachment 341308View attachment 341307

Periodically, I get these security updates from Google stating my passwords have been compromised. But most of them are dummy accounts, so I've never paid too much attention. But tonight, for the first time, I found my TradingView account in that list. This is the account that I use everyday. WTF?!

Can this be for real? TradingView is literally used by countless traders and their platform is licensed to every broker imaginable. So how is this even possible? Luckily, I haven't found anything fishy with my account, and I've since changed the password, but I'm not sure I should continue using it.

Schizo, friend, I can tell you a thing or 3...

"I get notifications often that my info has been compromised..."

All those shitty AI progs see is a username, and then assume that the text is the message that Humanity is not ready for Skynet, we are safe, because humans are too stupid.

 

[schizo]

If the leaked passwords are hashed (and no legitimate busines should be storing plaintext passwords), making the password long and complicated makes it much harder to find the actual password.

Lately, I've been using Chrome to generate random passwords for me. For instance, here's one it just generated for me: t&bq34hVafTdHh5

What say you to that? Is it too short or is it not complicated enough in your opinion?

That's where a password generator like the one I referred to before could be useful because password generators can easily create long, complex passwords.

I've looked at the link you've provided above. That seems to be above my pay grade and, frankly, I ain't sure if I would be able to keep track of all the passwords that I generate. I'm sucha clumsy slob.

 

[schizo]

Schizo, friend, I can tell you a thing or 3...

"I get notifications often that my info has been compromised..."

All those shitty AI progs see is a username, and then assume that the text is the message that Humanity is not ready for Skynet, we are safe, because humans are too stupid.

The thing is that I received this weird ransom email not too long ago. The sender sent using my own email address and he threatened me that he knew my password and that unless I pay him money in bitcoin he would do blah, blah, blah. The password he mentioned was apparently one of the leaked passwords. Of course, it's not anything important, so I simply ignored it. But this tells me that Google ain't simply bullshitting when they say my passwords are compromised.