Dark Web?

M

Mike Goetzke

Member
Joined
Jul 12, 2008
Messages
1,133
Both Experian and MS Defender found what they say is my personal info on the dark web. It shows my email, phone number, and a password I have never used. I did change my email password but has anyone else experienced this and needed to do more?
 
No, that sounds odd.

I did freeze all 3 credit reporting agencies reports because of static like that.  American Express called me and strongly suggested I do that. 

All the Best
 
Not nessacarily, lots of acounts have been leaked, as long as your not using the same password for other services, your probably fine. If your paying for a darkweb monitoring service, they should be able to tell you what site it was leaked from.

Services such as GoogleOne, LastPass, 1Password etc also can provide you those details.
 
Never trust anyone and anything is the simple rule.

That includes Windows Defender, by the way.

The thing is, a common practice to scam a user is to create a situation that *forces* the user to change his password so the attacker can intercept the change taking place.

To accomplish this, seeding fake data into data sources which the attacker *knows* are monitored by Microsoft etc. is one of the attack vectors.

In other words, you best course of action -in this case- would have been NOTHING. At least not immediately. The fact the password reported was wrong is actually *good* as it indicates your real PW was most likely not leaked.

It makes sense to change the PW, as a precaution, but not immediately. Or at least not using the usual means - use a different computer etc. etc. If this was not a spear fishing attack by a state-level actor (think China, FBI, etc.), the attacker has limited time budget while he is "watching" for your actions. After a few days he would give up and go worry about "easier" targets.

In general, as already mentioned, the most important is to not reuse passwords between various services. At least for the critical ones like email, your google account etc.
 
luvmytoolz said:
This search engine is great to check if any email addresses you have were involved in any known/published breaches:
https://haveibeenpwned.com/
Click to expand...
Well, by searching like this one is actually "broadcasting" the email address to the wider world .. to be abused for spam etc.

It is a valid service, but should not be used unless investigating a real issue, else it can easily cause an issue to come up ..

This is like when one wants to register a domain ... the worst thing to do is start searching for it on various "domain portals", looking for pricing etc. ... a couple searches and the domain will be flagged as "in demand" and end up snatched before one gets a chance to register it .. only to then be offered for $200 as a "great deal". (One should do a simple whois to test if it is free and the next step should be the order itself. That way only the registry knows there may be a demand for it.)
 
You must log in or register to reply here.

Similar threads

S
I think the US Tool & Fastener site has been hacked
Replies
16
Views
4K
smorgasbord
S
D
Festool Fan Shop
Replies
2
Views
3K
Rutabagared
Rutabagared
R
TSC 55 KEB-F US dust collection performance suddenly declines
Replies
6
Views
501
ChuckM
C
O
A Visit to Hearne Hardwoods
Replies
0
Views
560
onocoffee
O
J
Warning: Woodpeckers Semble Clamps can Ruin Woodwork
Replies
5
Views
1K
leakyroof
leakyroof
Back
Top