Email Compromised On The Dark Web

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
Topic Author
RJC
Posts: 1489
Joined: Fri Dec 14, 2018 12:40 pm

Email Compromised On The Dark Web

Post by RJC »

Hi friends,

I just received this notice from a credit monitoring service (CreditWise on Capital One):

"CreditWise found your email compromised on the dark web. CreditWise scans the dark web daily for your email address and SSN. If we find your information, we send you this alert so you can take action."

It also says my password was "Exposed".

Should I be concerned? What is the consensus here on password managers (e.g. LastPass)?

Thanks.
HomeStretch
Posts: 11419
Joined: Thu Dec 27, 2018 2:06 pm

Re: Email Compromised On The Dark Web

Post by HomeStretch »

Can’t hurt to change all passwords.
User avatar
anon_investor
Posts: 15122
Joined: Mon Jun 03, 2019 1:43 pm

Re: Email Compromised On The Dark Web

Post by anon_investor »

RJC wrote: Sun Sep 22, 2019 4:45 pm Hi friends,

I just received this notice from a credit monitoring service (CreditWise on Capital One):

"CreditWise found your email compromised on the dark web. CreditWise scans the dark web daily for your email address and SSN. If we find your information, we send you this alert so you can take action."

It also says my password was "Exposed".

Should I be concerned? What is the consensus here on password managers (e.g. LastPass)?

Thanks.
I would change your password, and make sure 2 factor authentication is turned on.
User avatar
msi
Posts: 706
Joined: Sun Feb 17, 2008 10:15 pm

Re: Email Compromised On The Dark Web

Post by msi »

Just make sure you're not repeating the same password on multiple sites and that you're not using something easily guessed, i.e. kids' names, anniversary date, the word "password" itself, etc.

I use Apple Keychain as a password manager and used to use 1password (which was great). Never tried LastPass, but I do know they've had their own security issues https://en.wikipedia.org/wiki/LastPass#Security_issues
livesoft
Posts: 86077
Joined: Thu Mar 01, 2007 7:00 pm

Re: Email Compromised On The Dark Web

Post by livesoft »

I would think that anybody and everybody can get e-mail addresses readily, so I would be unconcerned. Now if they got your e-mail password, that's another story.
Wiki This signature message sponsored by sscritic: Learn to fish.
User avatar
bluquark
Posts: 1195
Joined: Mon Oct 22, 2018 2:30 pm

Re: Email Compromised On The Dark Web

Post by bluquark »

This is a routine event nowadays, and you should be concerned if and only if you are reusing the same password. If you are, change that password on every account where you use it.

CreditWise is likely using the same database as http://haveibeenpwned.com/. If you look up your email address on that site, you may get additional details about the breach.
70/30 portfolio | Equity: global market weight | Bonds: 20% long-term munis - 10% LEMB
Topic Author
RJC
Posts: 1489
Joined: Fri Dec 14, 2018 12:40 pm

Re: Email Compromised On The Dark Web

Post by RJC »

Thanks everyone for your suggestions. I am going to try Apple Keychain and see if that helps.
User avatar
RootSki
Posts: 582
Joined: Mon Feb 20, 2017 10:52 am

Re: Email Compromised On The Dark Web

Post by RootSki »

RJC wrote: Sun Sep 22, 2019 8:01 pm Thanks everyone for your suggestions. I am going to try Apple Keychain and see if that helps.
Keychain is awesome. I never worry about passwords anymore.
cherijoh
Posts: 6591
Joined: Tue Feb 20, 2007 3:49 pm
Location: Charlotte NC

Re: Email Compromised On The Dark Web

Post by cherijoh »

bluquark wrote: Sun Sep 22, 2019 5:26 pm This is a routine event nowadays, and you should be concerned if and only if you are reusing the same password. If you are, change that password on every account where you use it.

CreditWise is likely using the same database as http://haveibeenpwned.com/. If you look up your email address on that site, you may get additional details about the breach.
Interesting. It says my email was involved in 8 data breaches but I've only heard of 2 of the sites - LinkedIn and Myfitnesspal.
Topic Author
RJC
Posts: 1489
Joined: Fri Dec 14, 2018 12:40 pm

Re: Email Compromised On The Dark Web

Post by RJC »

RootSki wrote: Mon Sep 23, 2019 9:45 am
RJC wrote: Sun Sep 22, 2019 8:01 pm Thanks everyone for your suggestions. I am going to try Apple Keychain and see if that helps.
Keychain is awesome. I never worry about passwords anymore.
Just trying it out for the first time. So far so good! :beer
khh
Posts: 343
Joined: Sat Dec 27, 2008 9:31 pm

Re: Email Compromised On The Dark Web

Post by khh »

anon_investor wrote: Sun Sep 22, 2019 4:48 pm
RJC wrote: Sun Sep 22, 2019 4:45 pm Hi friends,

I just received this notice from a credit monitoring service (CreditWise on Capital One):

"CreditWise found your email compromised on the dark web. CreditWise scans the dark web daily for your email address and SSN. If we find your information, we send you this alert so you can take action."

It also says my password was "Exposed".

Should I be concerned? What is the consensus here on password managers (e.g. LastPass)?

Thanks.
I would change your password, and make sure 2 factor authentication is turned on.
Several months ago, I checked to see whether my email was on the dark web, and it came back as a "yes". I just left it at that and forgot about it. I've had nothing suspicious happen, but this thread inspired me to change my passwords and get 2-factor ID where I can.

My understanding is that if someone unauthorized tries access your account and has your password, you will get an unexpected request for verification. What if that someone has your email but doesn't have your password, is there any way to find out whether he has tried to access your account?
User avatar
Cubicle
Posts: 1027
Joined: Sun Sep 22, 2019 1:43 am

Re: Email Compromised On The Dark Web

Post by Cubicle »

I've dealt with "compromises" in the past. I would change my passwords if I were you. Add 2 factor where you can. And for the important stuff (banks, investments), turn on any/all notifications pertaining to activity.
$1 saved = >$1 earned. ✓
JBTX
Posts: 11227
Joined: Wed Jul 26, 2017 12:46 pm

Re: Email Compromised On The Dark Web

Post by JBTX »

I'd recommend a new separate email account, or accounts, for banks and financial institutions like fidelity, vanguard, etc.
User avatar
abuss368
Posts: 27850
Joined: Mon Aug 03, 2009 2:33 pm
Location: Where the water is warm, the drinks are cold, and I don't know the names of the players!
Contact:

Re: Email Compromised On The Dark Web

Post by abuss368 »

It is getting so tough today to figure out what is legitimate. I would consider calling bank directly. Turn on all two factor authorizations and also voice verify when possible.
John C. Bogle: “Simplicity is the master key to financial success."
sschoe2
Posts: 792
Joined: Fri Feb 24, 2017 3:42 pm

Re: Email Compromised On The Dark Web

Post by sschoe2 »

Anyone can get an email address. Mine has been listed on the dark web for years. I doubt it is much more useful than knowing your full name.
User avatar
Toons
Posts: 14467
Joined: Fri Nov 21, 2008 9:20 am
Location: Hills of Tennessee

Re: Email Compromised On The Dark Web

Post by Toons »

bluquark wrote: Sun Sep 22, 2019 5:26 pm This is a routine event nowadays, and you should be concerned if and only if you are reusing the same password. If you are, change that password on every account where you use it.

CreditWise is likely using the same database as http://haveibeenpwned.com/. If you look up your email address on that site, you may get additional details about the breach.
Exactly
Got the same notification last year
As a precaution I changed my passwords
:happy
"One does not accumulate but eliminate. It is not daily increase but daily decrease. The height of cultivation always runs to simplicity" –Bruce Lee
User avatar
Ketawa
Posts: 2521
Joined: Mon Aug 22, 2011 1:11 am
Location: DC

Re: Email Compromised On The Dark Web

Post by Ketawa »

These notifications mean very little. It isn't your email address that is compromised. It is your account on some web site for which your email address is the login. Without knowing which account, the notifications are useless to someone who is already using a password manager and isn't reusing passwords.

Checking HIBP, my primary email has been involved in 11 breaches, so I have received dozens of these notifications. These databases are constantly popping up on the dark web. My actual Google account has never been compromised and I have 2FA enabled for it.
User avatar
Corsair
Posts: 584
Joined: Mon Oct 21, 2019 9:57 am
Location: USA

Re: Email Compromised On The Dark Web

Post by Corsair »

Agree with others on changing passwords, DFA, apple keychain. They probably spoofed your email address. Just like how you get fake emails which appear to be from Apple. Do you show the email in your outbox?
All posts are my own opinions and are not financial advice.
TJSI
Posts: 401
Joined: Thu Jan 27, 2011 3:03 pm

Re: Email Compromised On The Dark Web

Post by TJSI »

Yes you should be concerned because that message itself may be a scam. You can't scan the "dark web". Call the number on your credit card to see if there is any validity to that message.
toofache32
Posts: 2349
Joined: Sun Mar 04, 2012 5:30 pm

Re: Email Compromised On The Dark Web

Post by toofache32 »

Where is this "dark web?" Anyone have a URL so I can check it out myself?
gtd98765
Posts: 952
Joined: Sun Jan 08, 2017 3:15 am

Re: Email Compromised On The Dark Web

Post by gtd98765 »

toofache32 wrote: Mon Oct 21, 2019 10:58 pm Where is this "dark web?" Anyone have a URL so I can check it out myself?
https://en.wikipedia.org/wiki/Dark_web
Post Reply