Public Service Announcement: >Just doxed myself using the same procedure I use on others >Found my personal email account and password have been published a few months ago along with a massive list of others >Use that same password for almost all of my accounts associated with that email (including bank accounts) >Went through and systematically changed all my passwords.
Be careful guys. Luckily I caught it as early as I did. Not sure how someone got my gmail password. Not sure who has accessed my account information. Be safe out there
I ultimately found my account information on a pastebin datasheet using Drizzy Tool V2.
Samuel Flores
non-sms 2-factor seems to be pretty good. Also, remember that some password managers were compromised when a bunch of cloud state data was exposed.
What procedure did you use to dox?
looking at server logs, I see user/password attempts but with bogus usernames, and the typical script kiddies. Sometimes I see burner usernames I've used for some compromised websites so these are obviously targeted attacks against the mailserver..
Jaxson Martin
bumping for process
Angel Ward
Too lazy to write a guide, plenty online, just use google. It's my mistake for being lazy with my email account. I've accessed my email from public areas on foreign devices using SMS 2 factor. I also used to use my main email for miscellaneous sites which really should have been accessed on a burner or backup account. Oh well, lesson learned and nothing lost.
Isaac Adams
well, at least there were no known compromises of valuable data...
I am somewhat paranoid of visiting the site and downloading the tool, to the point I want to load it into an old laptop running on the DMZ, don't want the damn site or app to root me
Liam Ward
>Drizzy Tool V2 and what list are we talking about. there's been so many lists been brought up that can't be sure if I have checked them all for my credentials
Gavin Peterson
You can also use the non-download version of the script. I forget how but its available on their site just go through each link, ctl-f on each site and search to see where your account info is referenced, if it is at all. Especially lookout for pastebin links or google docs or something along those lines.
I have done that to all the lists I know. I just constantly worry that there's a new list been combined, that has my info and that I'm not aware of. That's why I try to find out the lists anons refere to, to check that the said list is one that I'm already aware of and have checked
Logan Butler
Where do i find this? how do i best avoid it?
Thomas Powell
different names temp email different passwords vpn etc etc
>to check that the said list is one that I'm already aware of and have checked >implying that your are 'in the loop' on people selling account info on the deep web and you check all lists for your own account information You realize lists like this are compiled and sold all the time, right? There's no way you would ever search each individual list for your account info, thats why you use browser index searches to search the entire web for references. Thats why things like drizzys tools exist. I don't fuck around with tor anymore, but tor is where this information is traded and unless you are buying the information, you can't search it. But just to satisfy your curiousity, here is the list that my email address and password was on: Pbin /WMm2VBBZ try this page, drizzybot go to dox services and type in your account name. It'll do a search to see where your account is referenced. you can also use but it doesn't give the same information
Jeremiah James
can anyone confirm if doxtoolv2 is clean?
Alexander Reyes
nope, use at own risk
Mason Thompson
malwarebytes didn't detect anything, I'm using it and it works fine.
William Morales
Hacker user here Malware bites can't detect shit other than script kiddies
for real results use wireshark
Chase Powell
Can i secure passwords from this stuff or does it just show up?
Carson Johnson
look up sha256/ password generator and use a encrypted password manager like keepass or lastpass
Easton Butler
Even then fake web pages can steal password so be smart
Matthew Collins
thanks IT anons, saving all this info
Parker Turner
IT? Bitch, i'm a self taught hacker I report pedos to the fbi
Logan Ross
I take it you'd be surprised what your local hodunk town USA sheriff's office is capable of.
