16-06-2018, 10:44 AM
21
Re: Hackers
Originally Posted by Omah
->
Of course, "Have I Been Pwned?" could still be "harvesting" ..... 
(not aimed at you, Omah)
17-06-2018, 08:11 AM
22
Re: Hackers
Originally Posted by Tedc
->
It means that your email address and, possibly, a password which you were using when the leak occurred, has been found out there.That is what this web site finds out for you.
These things get "out there" when some web site accidentally lets your details fall into the wrong hands or, some hacker has obtained a user name and password, of yours, and maybe sold it on.
The baddies could now try out combinations your name/password to see if they can put it together again elsewhere.
Probably the only safe thing to do is not use that password any more and, maybe, the email address as well.
Earlier this year I had a scammed EBay hit where a dozen or so items were bought in my name and set up to be shipped to Russian addresses.
I think it came about out of this situation.
Luckily Ebay & Paypal sorted it all out but I had to change all of my creds to do it.
17-06-2018, 08:41 AM
23
Re: Hackers
HiAccording to that site I have been hit 5 times and pasted once.
There is someone with a very similar email address to me, same name as myself, who lives in Yorkshire.
I keep getting emails meant for him, sent to my email.
This is in spite of complaining to the companies sending them.
The main offender is the Halifax, they include part of his account number and part of his postcode.
They say in the emails that it is to prove that they are genuine.
I know what car he drives and which garage he bought it from, it is due for a service, the garage is sending me emails about it.
I know what his hobbies are, I get emails from shops he has purchased from.
I know he spends a lot of time in Milton Keynes and buys very expensive Perfume for someone.
I have even spoken to the Banking Ombudsman and the Data Protection Office.
They were useless, they cannot accept a complaint from me as I am a Third Party.
He is in arrears
17-06-2018, 09:40 AM
24
Re: Hackers
One other aspect of this (have I been pwnd), and Swim's reply might be a sample of this, is that the baddie who had your email address and password could, fairly easily. log on to your existing accounts, as you.When he gets into an existing site, by means of your identity, he will take over the account and change the various addresses, etc. Then he will do as he wishes without you knowing.
Some of the wiser sites will send you an email checking to see if it was actually you who changed the info. That might work, on those sites, but what about when the baddie joins a site, which you have never been to, and, using your email & password, and runs an account in your name.
Bottom line - password change right now.
Check your details when you go into, for example, Ebay, or Amazon, to see if there have been any profile changes.
If any site has your bank/credit card numbers, be doubly worried and check that site asap.
17-06-2018, 10:45 AM
25
Re: Hackers
Changing a password never hurts but when a site is hacked, the e-mail account password hasn't been compromised because that was never asked for or required by the site. It just isn't on record there. It's therefore the password for the site that it would be advisable to change.Without a password to the e-mail address the hacker gained, it can only be used for spamming purposes or selling on. The hacker would have to find out the e-mail account's password for it to be used for anything else, i.e. pretending to be you.
If a password is good enough, efforts to do this might fail or not be worth persisting with. They will move on to those who use 'dog' or 'cat' or something else that's very easy to crack. If that's the case, the e-mail address alone being gathered isn't a security risk as such but more of a spam risk as far as I can see.
E-mail addresses might more be gathered via the places or sites we give them to. Any of those places could sell or pass them on to others who would find them useful for advertising/spam purposes. Does a hacker gaining your e-mail address from a hacked site pose any more risk than those who have gathered it in some other way?
It all amounts to the same thing though. An email address that has been harvested/hacked/sold/passed on to the point where the nuisance e-mail level has become intolerable should be ditched.
For sure, the bloomin' site shouldn't have been hacked but maybe the worry need not be that the e-mail address has been gathered. It's more the other details that may have been accessed along with it such as names, addresses and card numbers.
17-06-2018, 12:19 PM
26
Re: Hackers
Originally Posted by mart
->
Changing a password never hurts but when a site is hacked, the e-mail account password hasn't been compromised because that was never asked for or required by the site. It just isn't on record there. It's therefore the password for the site that it would be advisable to change. Without a password to the e-mail address the hacker gained, it can only be used for spamming purposes or selling on. The hacker would have to find out the e-mail account's password for it to be used for anything else, i.e. pretending to be you.
If a password is good enough, efforts to do this might fail or not be worth persisting with. They will move on to those who use 'dog' or 'cat' or something else that's very easy to crack. If that's the case, the e-mail address alone being gathered isn't a security risk as such but more of a spam risk as far as I can see.
E-mail addresses might more be gathered via the places or sites we give them to. Any of those places could sell or pass them on to others who would find them useful for advertising/spam purposes. Does a hacker gaining your e-mail address from a hacked site pose any more risk than those who have gathered it in some other way?
It all amounts to the same thing though. An email address that has been harvested/hacked/sold/passed on to the point where the nuisance e-mail level has become intolerable should be ditched.
For sure, the bloomin' site shouldn't have been hacked but maybe the worry need not be that the e-mail address has been gathered. It's more the other details that may have been accessed along with it such as names, addresses and card numbers.
If the baddies find any one of your passwords they are going to try to match that password up with other things which you do.
They assume that some people only have one password, for everything, and act accordingly.
Those people will be exposed.
I'll stick with my original interpretation.
| Thread Tools | |
|
|
