My email has been pwned wtf do I do now?
If this is something either really stupid or really serious please don't give me shit for not knowing I have no idea about tech stuff. But apparently my email was pwned from the internet archive or sth? I only used the site like once😭. What do I do now? Already changed my email password. Anything else I should do? I'm pretty attached at the email but willing to delete if absolutely necessary
Screenshot-2024-10-10-17-38-00-406-com-android-chrome.jpg.
Not sure what that changes but im using my phone (redmi note 8)
Videos
I usually check haveibeenpwned.com every year or so and it's always come back negative for any breaches, until now. Turns out my info has been in 3 breaches in just the last 6 months, so what would be the best course of action here?
Other than changing my password, what other steps should I take?
It said that I have 1 data breach. What does that even mean? Does that mean that somebody guessed my password and was able to log in to my email and get all sort of info?
What’s the breach it said it was named in? Should give you a description.
It’s from when a company got hacked and grabbed the data. Usually never at fault of your own, change the password you used from that data breach on any account that uses that password, and never use it again
You have to assume some hacker has a giant list of passwords with that on there and will try to login on any site possible
In Cybersecurity, paranoia is your friend.
Only one breach? This is a rookie number!
On the advice of a trusted contributor, I checked my email address and those of some of my family members on haveibeenpwned and I discovered some of the emails in some breaches.
What should be my next course of action?
Hi all,
I use a secondary email to subscribe to things I am not extremely interested in but I eventually use occasionally. It's basically a trash email. It got pwoned a couple of years ago.
I've had people use my email to create Walmart accounts (this one was weird, because I had access to PERSONAL information of these people and their credit card, lol). I simply changed their password and I solved it . Also, someone using it in Brazil where I get this person's private information too, credit card, address and even bank information. It's being used in Nigeria too. It's all over the place. I don't understand the reasoning behind this, If I were a bad person, I would be able to cause some serious damage.
I finally understood why was happening when someone subscribed to CrunchyRoll (I have been subscribed to hundreds of stuff once even a dating site, sometimes a simple email to the company clears up the situation and account gets deleted).
However, I got an interesting reply from CrunchyRoll:
"It seems like an unauthorized 3rd party has created an account using your email address. We have deleted the account in questions. However, we cannot guarantee that anyone attempts to create an account with your address again. Sorry about that.
The account was likely created by accident by someone who is checking stolen credentials against our login to find accounts that have premium subscriptions."
I have several questions:
1.- Was my email password compromised? I have already changed it multiple times since that leak.
If I had had a premium subscription with my email, would they have had access to it?
2.- Someway to make it stop? Am I screwed for the rest of my life?
3.- If I delete the gmail account, will this go away? Does this protect me somehow? Will this stop people using my email to subscribe to stuff? I doubt they have access to my inbox.
4.- What can I do to protect my personal information worldwide and avoid misuse? I already have LifeLock by Norton but I doubt it's doing anything
Thank you
Hey guys. So today I found out about this site and wanted to see if I have any data breaches. And it turned out that my account was one of the 140 million pwned accounts on Canva on May 2019 which was a huge data breach if you remember it. So it's been 4 years and today I changed my Canva password and enabled 2 factor authentication. Is there anything else I can do in this situation? And why when I run my email through the site, it still shows that I got pwned? And it's the same thing, the canva breach. How do I remove it completely from that tab? Or is it supposed to? And also I wanted to point out that I don't actually really use the app, I used it like two times when I needed it. So maybe the best thing for me to do will be deleting the Canva account itself? Will it disappear then?
https://imgur.com/a/mSgDNwI
Something feels a bit wierd about it. I did sign up to their alerts fairly recently but, having done some searching, I can't find a whole lot about any other examples of people receiving this type of communication from them.
The "for verification" bit followed by a standard url to their site is a bit strange to me too. I might be being paranoid, but curious if anyone can shed some light.
https://haveibeenpwned.com/ allows you to check if your email address has been involved in a data breach. It can tell you if your password has been exposed as well as many other personal details such as your name, IP address, age, gender and even financial details. Scammers can then use this information to their advantage.
This website was a huge eye-opener for me and it saved me from trouble following a recent data breach. Make sure your information is safe!
Why YSK: Hundreds of millions of online accounts have their details leaked every year, including username and (usually hashed) passwords. These lists are sold for millions of dollars on the darknet, and hackers use these credentials to access your accounts on various platforms. If you share passwords between accounts, they may be able to access accounts which are unrelated to the leak. Beyond credentials, credit card and social security numbers may be leaked. Your credit history, and your identity as whole, are paramount and you should be aware of its possible use by bad actors.
Basically this morning I was subscribed to a youtube channel I wasn’t subscribed to and it was like a bot channel. I do some digging and my email was in one data breach but no pastes in have i been pwned and my google account doesn’t look like there’s suspicious activity, but i checked that dark web alert thing and it says one thing was found on the dark web (maybe my email?) didn’t exactly tell me what, but i’m terrified and not really sure what to do, so far i just changed my password on my email.
So i used to have an email (lets call it email1) and i used it for pretty much everything, but at some point, like a year ago i made a new email and new password and switched emails of most my accounts to the new one. I still used email 1 on some of my snapchat, reddit and twitter, but everything else has my newer email. Today i tried to make an account for something, and since its nothing important, i tried to use email1, but it said it has suspicious activity. I opened that email, only devices connected to it were mine, no suspicious alerts or behaviours, no transactions, payments or subscripitons. I put it in the have i been pwned website and it says it was involved in 1 breach in like 2020 on wattpad. My other 2 emails didnt have any breaches and i have never experienced anything weird in since 2020. All of my accounts already use the new email and password except for snapchat. I have deleted that email now and all accounts connected to it. Shall i still be concerned? I mean its been 5 years without anything happening, i deleted that email, ive been using new email and password on everything for the last like year, but im just asking to be 100% sure. Sorry for the long post
I can't for the life of me figure out if just my email address was leaked, or the password as well? And I hear people say that its not a big deal. How can that be? They can see all my emails.
Sites listed on HIBP have been hacked, and their user list stolen. Usually these lists have your email address and a representation of a password called a hash. In some cases, where the person who programmed the website is a complete idiot not following best practices, it may be a weak hash or it may be in clear text. In those cases the hackers (and anyone with the database) has access to your password for that website.
This affects you in two ways:
1: On that website. If they can log in as you and get access to things like your full name, address, parts of your credit card number they can use that to compromise your identity further to steal from you or use you to steal from others. This is why it's important that hacks are disclosed publicly quickly.
2. On any other website you use that password on. They're going to try your email + password combo everywhere. If you used the same password on your account for Bob's Pizza and for your bank account, that may mean someone now has access to your online banking.
The big takeaway from this - the #1, I'm going to put in big letters rule is:
NEVER EVER EVER RE-USE PASSWORDS
ESPECIALLY bank and email accounts! Use a password management tool, use a notepad, use mnemonic tricks but never use the same password in two places.
Regarding your email address / email account, being on HIBP doesn't mean anyone has or ever had access to your email - unless one of the sites listed there had the same password as your email account.
I can't for the life of me figure out if just my email address was leaked, or the password as well?
It tells you in the info for the breach what was leaked, at least on most of them.
They can see all my emails.
Only if they somehow got into your email account.
If you mean email address then that's nothing to worry about, email addresses are not private.
Either way the basic guidelines for passwords are:
-
NEVER re-use the same password, every site/service needs a unique strong random password.
-
Use 2FA on important things like your email.
-
Use a password manager, there's no way to remember all your passwords otherwise.
-
Use 2FA on your password manager, use a very strong master password, and make backups of your passwords periodically and store them in an encrypted format.
On sites that let me I aim for a 30 character password randomly generated by my password manager.
Ironically the only sites that don't allow passwords that long are pretty much all of my banking/financial services.
Other than haveibeenpwned.com and KnowBe4, what are you usign to track compromised email accounts? haveibeenpwned.com is getting expensive for us. We are small company.
Is it safe to use haveibeenpwned.com? Do they store the e-mail/phone number you search? Those who understand back-end processing, please enlighten me on the site.
Hello people, this is a scary for me, this email is very old and I really would not like to change, by the history of login attempts, I see people all over the world trying to break into my account, what should I do? I have how to have my email completely secure without having to migrate?
We hear about data breaches so often, it can be a pain to figure out if you are vulnerable. You can use the site https://haveibeenpwned.com/ to find out if your email account may be compromised. You will have to submit your email address to check. Also the website can notify you if your email account may have been compromised.
Edit1: If you do find out you email account is compromised, see if you can still access the account, then change the password as soon as possible to something strong and use a password manager like Last Pass or Keepass to store you passwords.
Also if possible, disable security questions, they tend to be a weakness not a strength in many cases.
Edit2:Also it should be obvious but never tell anyone or any site your password, ever!
does this mean someone has personally logged into my email and looked through my things?
what will happen if my email has been pwned?
my account was involved in a data breach that caused 7 mil emails and passwords to leaked.
please help, i have really bad anxiety so this is killing me