Page 1 of 1

Email Compromised On The Dark Web

Posted: Sun Sep 22, 2019 4:45 pm
by RJC
Hi friends,

I just received this notice from a credit monitoring service (CreditWise on Capital One):

"CreditWise found your email compromised on the dark web. CreditWise scans the dark web daily for your email address and SSN. If we find your information, we send you this alert so you can take action."

It also says my password was "Exposed".

Should I be concerned? What is the consensus here on password managers (e.g. LastPass)?

Thanks.

Re: Email Compromised On The Dark Web

Posted: Sun Sep 22, 2019 4:48 pm
by HomeStretch
Can’t hurt to change all passwords.

Re: Email Compromised On The Dark Web

Posted: Sun Sep 22, 2019 4:48 pm
by anon_investor
RJC wrote:
Sun Sep 22, 2019 4:45 pm
Hi friends,

I just received this notice from a credit monitoring service (CreditWise on Capital One):

"CreditWise found your email compromised on the dark web. CreditWise scans the dark web daily for your email address and SSN. If we find your information, we send you this alert so you can take action."

It also says my password was "Exposed".

Should I be concerned? What is the consensus here on password managers (e.g. LastPass)?

Thanks.
I would change your password, and make sure 2 factor authentication is turned on.

Re: Email Compromised On The Dark Web

Posted: Sun Sep 22, 2019 5:19 pm
by msi
Just make sure you're not repeating the same password on multiple sites and that you're not using something easily guessed, i.e. kids' names, anniversary date, the word "password" itself, etc.

I use Apple Keychain as a password manager and used to use 1password (which was great). Never tried LastPass, but I do know they've had their own security issues https://en.wikipedia.org/wiki/LastPass#Security_issues

Re: Email Compromised On The Dark Web

Posted: Sun Sep 22, 2019 5:20 pm
by livesoft
I would think that anybody and everybody can get e-mail addresses readily, so I would be unconcerned. Now if they got your e-mail password, that's another story.

Re: Email Compromised On The Dark Web

Posted: Sun Sep 22, 2019 5:26 pm
by bluquark
This is a routine event nowadays, and you should be concerned if and only if you are reusing the same password. If you are, change that password on every account where you use it.

CreditWise is likely using the same database as http://haveibeenpwned.com/. If you look up your email address on that site, you may get additional details about the breach.

Re: Email Compromised On The Dark Web

Posted: Sun Sep 22, 2019 8:01 pm
by RJC
Thanks everyone for your suggestions. I am going to try Apple Keychain and see if that helps.

Re: Email Compromised On The Dark Web

Posted: Mon Sep 23, 2019 9:45 am
by RootSki
RJC wrote:
Sun Sep 22, 2019 8:01 pm
Thanks everyone for your suggestions. I am going to try Apple Keychain and see if that helps.
Keychain is awesome. I never worry about passwords anymore.

Re: Email Compromised On The Dark Web

Posted: Mon Sep 23, 2019 10:03 am
by cherijoh
bluquark wrote:
Sun Sep 22, 2019 5:26 pm
This is a routine event nowadays, and you should be concerned if and only if you are reusing the same password. If you are, change that password on every account where you use it.

CreditWise is likely using the same database as http://haveibeenpwned.com/. If you look up your email address on that site, you may get additional details about the breach.
Interesting. It says my email was involved in 8 data breaches but I've only heard of 2 of the sites - LinkedIn and Myfitnesspal.

Re: Email Compromised On The Dark Web

Posted: Mon Sep 23, 2019 12:22 pm
by RJC
RootSki wrote:
Mon Sep 23, 2019 9:45 am
RJC wrote:
Sun Sep 22, 2019 8:01 pm
Thanks everyone for your suggestions. I am going to try Apple Keychain and see if that helps.
Keychain is awesome. I never worry about passwords anymore.
Just trying it out for the first time. So far so good! :beer

Re: Email Compromised On The Dark Web

Posted: Sun Oct 20, 2019 10:31 pm
by khh
anon_investor wrote:
Sun Sep 22, 2019 4:48 pm
RJC wrote:
Sun Sep 22, 2019 4:45 pm
Hi friends,

I just received this notice from a credit monitoring service (CreditWise on Capital One):

"CreditWise found your email compromised on the dark web. CreditWise scans the dark web daily for your email address and SSN. If we find your information, we send you this alert so you can take action."

It also says my password was "Exposed".

Should I be concerned? What is the consensus here on password managers (e.g. LastPass)?

Thanks.
I would change your password, and make sure 2 factor authentication is turned on.
Several months ago, I checked to see whether my email was on the dark web, and it came back as a "yes". I just left it at that and forgot about it. I've had nothing suspicious happen, but this thread inspired me to change my passwords and get 2-factor ID where I can.

My understanding is that if someone unauthorized tries access your account and has your password, you will get an unexpected request for verification. What if that someone has your email but doesn't have your password, is there any way to find out whether he has tried to access your account?

Re: Email Compromised On The Dark Web

Posted: Sun Oct 20, 2019 10:36 pm
by Cubicle
I've dealt with "compromises" in the past. I would change my passwords if I were you. Add 2 factor where you can. And for the important stuff (banks, investments), turn on any/all notifications pertaining to activity.

Re: Email Compromised On The Dark Web

Posted: Mon Oct 21, 2019 8:01 am
by JBTX
I'd recommend a new separate email account, or accounts, for banks and financial institutions like fidelity, vanguard, etc.

Re: Email Compromised On The Dark Web

Posted: Mon Oct 21, 2019 8:28 am
by abuss368
It is getting so tough today to figure out what is legitimate. I would consider calling bank directly. Turn on all two factor authorizations and also voice verify when possible.

Re: Email Compromised On The Dark Web

Posted: Mon Oct 21, 2019 8:40 am
by sschoe2
Anyone can get an email address. Mine has been listed on the dark web for years. I doubt it is much more useful than knowing your full name.

Re: Email Compromised On The Dark Web

Posted: Mon Oct 21, 2019 8:53 am
by Toons
bluquark wrote:
Sun Sep 22, 2019 5:26 pm
This is a routine event nowadays, and you should be concerned if and only if you are reusing the same password. If you are, change that password on every account where you use it.

CreditWise is likely using the same database as http://haveibeenpwned.com/. If you look up your email address on that site, you may get additional details about the breach.
Exactly
Got the same notification last year
As a precaution I changed my passwords
:happy

Re: Email Compromised On The Dark Web

Posted: Mon Oct 21, 2019 10:24 am
by Ketawa
These notifications mean very little. It isn't your email address that is compromised. It is your account on some web site for which your email address is the login. Without knowing which account, the notifications are useless to someone who is already using a password manager and isn't reusing passwords.

Checking HIBP, my primary email has been involved in 11 breaches, so I have received dozens of these notifications. These databases are constantly popping up on the dark web. My actual Google account has never been compromised and I have 2FA enabled for it.

Re: Email Compromised On The Dark Web

Posted: Mon Oct 21, 2019 10:27 am
by Corsair
Agree with others on changing passwords, DFA, apple keychain. They probably spoofed your email address. Just like how you get fake emails which appear to be from Apple. Do you show the email in your outbox?

Re: Email Compromised On The Dark Web

Posted: Mon Oct 21, 2019 11:21 am
by TJSI
Yes you should be concerned because that message itself may be a scam. You can't scan the "dark web". Call the number on your credit card to see if there is any validity to that message.

Re: Email Compromised On The Dark Web

Posted: Mon Oct 21, 2019 10:58 pm
by toofache32
Where is this "dark web?" Anyone have a URL so I can check it out myself?

Re: Email Compromised On The Dark Web

Posted: Tue Oct 22, 2019 6:33 am
by gtd98765
toofache32 wrote:
Mon Oct 21, 2019 10:58 pm
Where is this "dark web?" Anyone have a URL so I can check it out myself?
https://en.wikipedia.org/wiki/Dark_web