Email Compromised On The Dark Web

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
Topic Author
RJC
Posts: 392
Joined: Fri Dec 14, 2018 1:40 pm

Email Compromised On The Dark Web

Post by RJC » Sun Sep 22, 2019 4:45 pm

Hi friends,

I just received this notice from a credit monitoring service (CreditWise on Capital One):

"CreditWise found your email compromised on the dark web. CreditWise scans the dark web daily for your email address and SSN. If we find your information, we send you this alert so you can take action."

It also says my password was "Exposed".

Should I be concerned? What is the consensus here on password managers (e.g. LastPass)?

Thanks.

HomeStretch
Posts: 2976
Joined: Thu Dec 27, 2018 3:06 pm

Re: Email Compromised On The Dark Web

Post by HomeStretch » Sun Sep 22, 2019 4:48 pm

Can’t hurt to change all passwords.

anon_investor
Posts: 592
Joined: Mon Jun 03, 2019 1:43 pm

Re: Email Compromised On The Dark Web

Post by anon_investor » Sun Sep 22, 2019 4:48 pm

RJC wrote:
Sun Sep 22, 2019 4:45 pm
Hi friends,

I just received this notice from a credit monitoring service (CreditWise on Capital One):

"CreditWise found your email compromised on the dark web. CreditWise scans the dark web daily for your email address and SSN. If we find your information, we send you this alert so you can take action."

It also says my password was "Exposed".

Should I be concerned? What is the consensus here on password managers (e.g. LastPass)?

Thanks.
I would change your password, and make sure 2 factor authentication is turned on.

User avatar
msi
Posts: 524
Joined: Sun Feb 17, 2008 11:15 pm

Re: Email Compromised On The Dark Web

Post by msi » Sun Sep 22, 2019 5:19 pm

Just make sure you're not repeating the same password on multiple sites and that you're not using something easily guessed, i.e. kids' names, anniversary date, the word "password" itself, etc.

I use Apple Keychain as a password manager and used to use 1password (which was great). Never tried LastPass, but I do know they've had their own security issues https://en.wikipedia.org/wiki/LastPass#Security_issues

livesoft
Posts: 68664
Joined: Thu Mar 01, 2007 8:00 pm

Re: Email Compromised On The Dark Web

Post by livesoft » Sun Sep 22, 2019 5:20 pm

I would think that anybody and everybody can get e-mail addresses readily, so I would be unconcerned. Now if they got your e-mail password, that's another story.
Wiki This signature message sponsored by sscritic: Learn to fish.

bluquark
Posts: 882
Joined: Mon Oct 22, 2018 2:30 pm

Re: Email Compromised On The Dark Web

Post by bluquark » Sun Sep 22, 2019 5:26 pm

This is a routine event nowadays, and you should be concerned if and only if you are reusing the same password. If you are, change that password on every account where you use it.

CreditWise is likely using the same database as http://haveibeenpwned.com/. If you look up your email address on that site, you may get additional details about the breach.

Topic Author
RJC
Posts: 392
Joined: Fri Dec 14, 2018 1:40 pm

Re: Email Compromised On The Dark Web

Post by RJC » Sun Sep 22, 2019 8:01 pm

Thanks everyone for your suggestions. I am going to try Apple Keychain and see if that helps.

User avatar
RootSki
Posts: 297
Joined: Mon Feb 20, 2017 11:52 am

Re: Email Compromised On The Dark Web

Post by RootSki » Mon Sep 23, 2019 9:45 am

RJC wrote:
Sun Sep 22, 2019 8:01 pm
Thanks everyone for your suggestions. I am going to try Apple Keychain and see if that helps.
Keychain is awesome. I never worry about passwords anymore.

cherijoh
Posts: 6357
Joined: Tue Feb 20, 2007 4:49 pm
Location: Charlotte NC

Re: Email Compromised On The Dark Web

Post by cherijoh » Mon Sep 23, 2019 10:03 am

bluquark wrote:
Sun Sep 22, 2019 5:26 pm
This is a routine event nowadays, and you should be concerned if and only if you are reusing the same password. If you are, change that password on every account where you use it.

CreditWise is likely using the same database as http://haveibeenpwned.com/. If you look up your email address on that site, you may get additional details about the breach.
Interesting. It says my email was involved in 8 data breaches but I've only heard of 2 of the sites - LinkedIn and Myfitnesspal.

Topic Author
RJC
Posts: 392
Joined: Fri Dec 14, 2018 1:40 pm

Re: Email Compromised On The Dark Web

Post by RJC » Mon Sep 23, 2019 12:22 pm

RootSki wrote:
Mon Sep 23, 2019 9:45 am
RJC wrote:
Sun Sep 22, 2019 8:01 pm
Thanks everyone for your suggestions. I am going to try Apple Keychain and see if that helps.
Keychain is awesome. I never worry about passwords anymore.
Just trying it out for the first time. So far so good! :beer

khh
Posts: 298
Joined: Sat Dec 27, 2008 10:31 pm

Re: Email Compromised On The Dark Web

Post by khh » Sun Oct 20, 2019 10:31 pm

anon_investor wrote:
Sun Sep 22, 2019 4:48 pm
RJC wrote:
Sun Sep 22, 2019 4:45 pm
Hi friends,

I just received this notice from a credit monitoring service (CreditWise on Capital One):

"CreditWise found your email compromised on the dark web. CreditWise scans the dark web daily for your email address and SSN. If we find your information, we send you this alert so you can take action."

It also says my password was "Exposed".

Should I be concerned? What is the consensus here on password managers (e.g. LastPass)?

Thanks.
I would change your password, and make sure 2 factor authentication is turned on.
Several months ago, I checked to see whether my email was on the dark web, and it came back as a "yes". I just left it at that and forgot about it. I've had nothing suspicious happen, but this thread inspired me to change my passwords and get 2-factor ID where I can.

My understanding is that if someone unauthorized tries access your account and has your password, you will get an unexpected request for verification. What if that someone has your email but doesn't have your password, is there any way to find out whether he has tried to access your account?

User avatar
Cubicle
Posts: 136
Joined: Sun Sep 22, 2019 1:43 am

Re: Email Compromised On The Dark Web

Post by Cubicle » Sun Oct 20, 2019 10:36 pm

I've dealt with "compromises" in the past. I would change my passwords if I were you. Add 2 factor where you can. And for the important stuff (banks, investments), turn on any/all notifications pertaining to activity.

JBTX
Posts: 5544
Joined: Wed Jul 26, 2017 12:46 pm

Re: Email Compromised On The Dark Web

Post by JBTX » Mon Oct 21, 2019 8:01 am

I'd recommend a new separate email account, or accounts, for banks and financial institutions like fidelity, vanguard, etc.

User avatar
abuss368
Posts: 16076
Joined: Mon Aug 03, 2009 2:33 pm
Location: Where the water is warm, the drinks are cold, and I don't know the names of the players!

Re: Email Compromised On The Dark Web

Post by abuss368 » Mon Oct 21, 2019 8:28 am

It is getting so tough today to figure out what is legitimate. I would consider calling bank directly. Turn on all two factor authorizations and also voice verify when possible.
John C. Bogle - Two Fund Portfolio: Total Stock & Total Bond. "Simplicity is the master key to financial success."

sschoe2
Posts: 452
Joined: Fri Feb 24, 2017 4:42 pm

Re: Email Compromised On The Dark Web

Post by sschoe2 » Mon Oct 21, 2019 8:40 am

Anyone can get an email address. Mine has been listed on the dark web for years. I doubt it is much more useful than knowing your full name.

User avatar
Toons
Posts: 13410
Joined: Fri Nov 21, 2008 10:20 am
Location: Hills of Tennessee

Re: Email Compromised On The Dark Web

Post by Toons » Mon Oct 21, 2019 8:53 am

bluquark wrote:
Sun Sep 22, 2019 5:26 pm
This is a routine event nowadays, and you should be concerned if and only if you are reusing the same password. If you are, change that password on every account where you use it.

CreditWise is likely using the same database as http://haveibeenpwned.com/. If you look up your email address on that site, you may get additional details about the breach.
Exactly
Got the same notification last year
As a precaution I changed my passwords
:happy
"One does not accumulate but eliminate. It is not daily increase but daily decrease. The height of cultivation always runs to simplicity" –Bruce Lee

User avatar
Ketawa
Posts: 2192
Joined: Mon Aug 22, 2011 1:11 am
Location: DC

Re: Email Compromised On The Dark Web

Post by Ketawa » Mon Oct 21, 2019 10:24 am

These notifications mean very little. It isn't your email address that is compromised. It is your account on some web site for which your email address is the login. Without knowing which account, the notifications are useless to someone who is already using a password manager and isn't reusing passwords.

Checking HIBP, my primary email has been involved in 11 breaches, so I have received dozens of these notifications. These databases are constantly popping up on the dark web. My actual Google account has never been compromised and I have 2FA enabled for it.

User avatar
Corsair
Posts: 15
Joined: Mon Oct 21, 2019 9:57 am
Location: WA

Re: Email Compromised On The Dark Web

Post by Corsair » Mon Oct 21, 2019 10:27 am

Agree with others on changing passwords, DFA, apple keychain. They probably spoofed your email address. Just like how you get fake emails which appear to be from Apple. Do you show the email in your outbox?

TJSI
Posts: 363
Joined: Thu Jan 27, 2011 4:03 pm

Re: Email Compromised On The Dark Web

Post by TJSI » Mon Oct 21, 2019 11:21 am

Yes you should be concerned because that message itself may be a scam. You can't scan the "dark web". Call the number on your credit card to see if there is any validity to that message.

toofache32
Posts: 1869
Joined: Sun Mar 04, 2012 6:30 pm

Re: Email Compromised On The Dark Web

Post by toofache32 » Mon Oct 21, 2019 10:58 pm

Where is this "dark web?" Anyone have a URL so I can check it out myself?

gtd98765
Posts: 453
Joined: Sun Jan 08, 2017 4:15 am

Re: Email Compromised On The Dark Web

Post by gtd98765 » Tue Oct 22, 2019 6:33 am

toofache32 wrote:
Mon Oct 21, 2019 10:58 pm
Where is this "dark web?" Anyone have a URL so I can check it out myself?
https://en.wikipedia.org/wiki/Dark_web

Post Reply