Discussion - Member to Member Sales - Research Center
Discussion - Member to Member Sales - Research Center
https://haveibeenpwned.com/
Here is the actual story.
http://www.bbc.com/news/technology-41095606
1 Member
likes this post.
Login to Like.
Thanks for the heads up sheepshanks.
I entered my email address at the haveibeenpwned.com link you provided and was horrified to find my email address along with the password that I used until recently for my online banking visible for all too see in a "paste".
I am still not too clear what a "paste" is though, but I have reported it to Pastebin so hopefully they will remove it.
I think it is worth the two minutes that it takes for most people to check their email address on the haveibeenpwned site.
Clive
Login to Like
this post
Interesting stuff, sheepshanks!
One of my emails had been pwned from five different locations. The first was at Adobe nearly 4 years ago! I was never notified by Adobe of any breach.
I had no "pastes."
Login to Like
this post
One of our emails is listed as being pwned on one site. The article mentions changing your password, is there anything else that should be done?
Login to Like
this post
Forgot to add - thanks for posting this!
Login to Like
this post
Sally this is the recommendation from the news article.
""I recommend you to change your password, and be more vigilant with the emails that you receive, now you know that you're on malware deliverers' lists,""
Not sure what else but maybe one of our computer buffs will advise more.
I have changed the thread title to make it perhaps more noticeable.
2 Members
like this post.
Login to Like.
11:10:09pm
Mine came up with "breached site"
I don't know what info was shared.
Login to Like
this post
11:52:13pm
" ... Good news — no pwnage found! ..."
But then, the idea; "What if this site is a phishing site to start with ?" crossed my mind.
And then, what if a listening device has been implanted in the waistband of my undershorts and clipping the metal snaps to prevent them falling down at an inopportune moment, turns it on?
I think I'll go commando from now on. On can never know who is gathering evidence.
Or worse, what kind of information they seek.
1 Member
likes this post.
Login to Like.
When the site was started about 4 years ago they created a stir; some said they were fear mongering.
Now that they have been around for a while keep in mind that they are showing breaches from years ago. They also show warnings when your email pops up on any kind of list which they consider spam. Having your email address show up on an email list is not really a security breach. Stamporama publishes our email addresses so it could be that our email addresses got picked up from this site, ends up on a spam email list, and then we get a warning on haveibeenpwned.com. Where is the security breach in that scenario?
Heck many folks post their email in this forum, just go to the search feature here and search for "@" and get hundreds of hits. Be aware that there are plenty of applications which crawl the web looking for email addresses to harvest. I had one called 'cherrypicker' which would crawl the web and build spreadsheets with email addresses and topic. So if a person wanted to just harvest emails for stamp collectors they could target only sites like this one.
The haveibeenpwned.com site does have some value but frankly it is really only a reminder to follow normal, typical online security procedures. If you have had an email account for years and have not changed the password then you are at risk. Periodically go to Google and search on your email address. Make sure you use quotes around your address like this “joe@anywhere.com“. If it returns ANY hits, it shows that your email address has been listed on a web site somewhere. If your email is listed on any site, then spammers have made off with it and added it to the lists they sell. Over on SCF forum we immediately remove any posted email addresses for this reason.
Each VALID email address is worth about a quarter of a penny to spammers. Note word ‘valid’. This is why you should never click on one of those ‘click here to remove your email address from out mailing list’; it validates that your email address for them.
Good computer security relies upon the three ‘P’s; Products, Procedures, and People.
Products - include upgrading your operating system, firewalls, and AV software. If you are using Window XP and some old crusty browser then you are at risk. If you do not download the latest AV definitions then you are at risk. If you do not protect your computer with good AV software, then you are at risk.
Procedures - Are just as important. Do not open any email from an unknown person; certainly never click on a link or open an attachment in ANY email unless you have verified that the link or attachment was sent intentionally.
People – They have gotten very good at social engineering, fooling you that an email has come from someone you might know and have a subject line that looks legitimate. If you get an email that you did not expect, pick up the phone and call the person or company. Ditto for being removed from a mail list, call them. And of course do not click on anything in an email even if it says ‘click here for boobs’.
Be very wary of websites which require your email address just to browser them (ie. Stampworld.com). Some are seeking to build large email lists which are income to them.
But do not get too worried about having your email show up on the haveibeenpwned.com site mentioned above. But do be worried if you are not following good computer security practices.
Don
Edit; popups on websites can be very ugly. If you navigate to any site and some unexpected popup windows displays, do NOT click on ANYTHING. Just trying to close a popup windows can cause malware to be installed on your computer. Instead use 'alt-F4' or Task Manager to close all browser windows. Or simply shut down your computer without trying to close the browser windows.
6 Members
like this post.
Login to Like.
BBC news today, you might like to check your email addresses, mine were ok.
https://haveibeenpwned.com/
Here is the actual story.
http://www.bbc.com/news/technology-41095606
1 Member
likes this post.
Login to Like.
re: stolen Email addresses and passwords.
Thanks for the heads up sheepshanks.
I entered my email address at the haveibeenpwned.com link you provided and was horrified to find my email address along with the password that I used until recently for my online banking visible for all too see in a "paste".
I am still not too clear what a "paste" is though, but I have reported it to Pastebin so hopefully they will remove it.
I think it is worth the two minutes that it takes for most people to check their email address on the haveibeenpwned site.
Clive
Login to Like
this post
re: stolen Email addresses and passwords.
Interesting stuff, sheepshanks!
One of my emails had been pwned from five different locations. The first was at Adobe nearly 4 years ago! I was never notified by Adobe of any breach.
I had no "pastes."
Login to Like
this post
re: stolen Email addresses and passwords.
One of our emails is listed as being pwned on one site. The article mentions changing your password, is there anything else that should be done?
Login to Like
this post
re: stolen Email addresses and passwords.
Forgot to add - thanks for posting this!
Login to Like
this post
re: stolen Email addresses and passwords.
Sally this is the recommendation from the news article.
""I recommend you to change your password, and be more vigilant with the emails that you receive, now you know that you're on malware deliverers' lists,""
Not sure what else but maybe one of our computer buffs will advise more.
I have changed the thread title to make it perhaps more noticeable.
2 Members
like this post.
Login to Like.
A Service Dog gives a person with a disability independence. Never approach, distract or pet a working dog, especially when (s)he is in harness. Never be afraid to ask questions to the handler (parent).
30 Aug 2017
11:10:09pm
re: stolen Email addresses and passwords.
Mine came up with "breached site"
I don't know what info was shared.
Login to Like
this post
Silence in the face of adversity is the father of complicity and collusion, the first cousins of conspiracy..
30 Aug 2017
11:52:13pm
re: stolen Email addresses and passwords.
" ... Good news — no pwnage found! ..."
But then, the idea; "What if this site is a phishing site to start with ?" crossed my mind.
And then, what if a listening device has been implanted in the waistband of my undershorts and clipping the metal snaps to prevent them falling down at an inopportune moment, turns it on?
I think I'll go commando from now on. On can never know who is gathering evidence.
Or worse, what kind of information they seek.
1 Member
likes this post.
Login to Like.
re: stolen Email addresses and passwords.
When the site was started about 4 years ago they created a stir; some said they were fear mongering.
Now that they have been around for a while keep in mind that they are showing breaches from years ago. They also show warnings when your email pops up on any kind of list which they consider spam. Having your email address show up on an email list is not really a security breach. Stamporama publishes our email addresses so it could be that our email addresses got picked up from this site, ends up on a spam email list, and then we get a warning on haveibeenpwned.com. Where is the security breach in that scenario?
Heck many folks post their email in this forum, just go to the search feature here and search for "@" and get hundreds of hits. Be aware that there are plenty of applications which crawl the web looking for email addresses to harvest. I had one called 'cherrypicker' which would crawl the web and build spreadsheets with email addresses and topic. So if a person wanted to just harvest emails for stamp collectors they could target only sites like this one.
The haveibeenpwned.com site does have some value but frankly it is really only a reminder to follow normal, typical online security procedures. If you have had an email account for years and have not changed the password then you are at risk. Periodically go to Google and search on your email address. Make sure you use quotes around your address like this “joe@anywhere.com“. If it returns ANY hits, it shows that your email address has been listed on a web site somewhere. If your email is listed on any site, then spammers have made off with it and added it to the lists they sell. Over on SCF forum we immediately remove any posted email addresses for this reason.
Each VALID email address is worth about a quarter of a penny to spammers. Note word ‘valid’. This is why you should never click on one of those ‘click here to remove your email address from out mailing list’; it validates that your email address for them.
Good computer security relies upon the three ‘P’s; Products, Procedures, and People.
Products - include upgrading your operating system, firewalls, and AV software. If you are using Window XP and some old crusty browser then you are at risk. If you do not download the latest AV definitions then you are at risk. If you do not protect your computer with good AV software, then you are at risk.
Procedures - Are just as important. Do not open any email from an unknown person; certainly never click on a link or open an attachment in ANY email unless you have verified that the link or attachment was sent intentionally.
People – They have gotten very good at social engineering, fooling you that an email has come from someone you might know and have a subject line that looks legitimate. If you get an email that you did not expect, pick up the phone and call the person or company. Ditto for being removed from a mail list, call them. And of course do not click on anything in an email even if it says ‘click here for boobs’.
Be very wary of websites which require your email address just to browser them (ie. Stampworld.com). Some are seeking to build large email lists which are income to them.
But do not get too worried about having your email show up on the haveibeenpwned.com site mentioned above. But do be worried if you are not following good computer security practices.
Don
Edit; popups on websites can be very ugly. If you navigate to any site and some unexpected popup windows displays, do NOT click on ANYTHING. Just trying to close a popup windows can cause malware to be installed on your computer. Instead use 'alt-F4' or Task Manager to close all browser windows. Or simply shut down your computer without trying to close the browser windows.
6 Members
like this post.
Login to Like.