
Ask HN: How could someone have guessed my LendingClub password? - minton
I used 1Password and my LendingClub account has a 40 character randomly generated alphanumeric password. I do not reuse passwords. This evening I received a &quot;one-time&quot; code with login details saying someone attempted to login.<p><pre><code>  Login Details
  We noticed a login attempt from the following device and location.
  Location: Ashburn, VA
  Browser: Chrome
  IP: 52.5.126.46
</code></pre>
How could someone have guessed such a password?
======
ListeningPie
Assuming someone did get your password and you are the only with access to it
possibilities range:

you having logged on a different computer where your password was recorded,

your password being stored in ram and accessed by a malware,

your 1Password account being violated,

LendingClub had a data leak and they do not hash their passwords

You gave your password up in a phishing attack

I’m sure there are more that I haven’t thought of.

------
basicplus2
Login Attempt = Failed Login

Login = Successful login

~~~
minton
I don’t think it’s a failed login attempt since I received a one-time code.
Also, this is the same email I get when I try to login.

------
byoung2
That IP address is an Amazon EC2 instance...are you using a proxy or VPN?

~~~
minton
I do use a VPN but I was not accessing the site, I was watching a movie when I
got the email.

