One breach but salted, unique, long password. How did they figure it out?

My community college Gmail/school account was taken over. It was exposed in the Mathway breach, but it said it was salted. It is a unique and long enough password that I cannot imagine it's in any rainbow tables or rockyou-type lists. Plus it said it was salted.

I got the usual sextortion-type email from my own email address. I was half asleep when I got it. I went to change my password and logged in with it fine, but when I entered the current password to get a new password, it said it was invalid. They changed it. I cannot log in now.

Either Mathway lied or I was a part of another unknown breach where the passwords were in clear text (I assume). I only used the email on Mathway, Chegg, and Bartleby. It is unique enough that I cannot imagine it's in any type of list. None of my main accounts, phone, or computer were affected.

I'm studying cyber security, so I am just interested in your thoughts on how it was done. There is no one to contact from the school, so I have to wait until Monday while the person is in the account.

submitted by /u/beeswaxntyoursinc

from hacking: security in practice https://ift.tt/38lCg2Z
