Experian email and password alert
Gorf123
Posts: 77 Forumite
Hi, all.
I just got an alert from Experian that my email address, and the password I use to access it, is being sold on the open market. I've changed the password just to be safe, and checked which online accounts use that address - none that can be used to rip me off, as it happens.
My question is: How do they know that it's my email password? If they hacked into (say) my Apple account and picked up the password for that account, then they have a password associated with my email address, just not the password required for direct access.
Are they just saying that there is my email address and a password being sold, or is there any further evidence to suggest it's really the email server password?
Thanks for reading...
I just got an alert from Experian that my email address, and the password I use to access it, is being sold on the open market. I've changed the password just to be safe, and checked which online accounts use that address - none that can be used to rip me off, as it happens.
My question is: How do they know that it's my email password? If they hacked into (say) my Apple account and picked up the password for that account, then they have a password associated with my email address, just not the password required for direct access.
Are they just saying that there is my email address and a password being sold, or is there any further evidence to suggest it's really the email server password?
Thanks for reading...
0
Comments
-
Im not sure if im reading this right.
Are you saying that you have had an email from Experian saying that your email address and the password to access your email have been compromised or that the password you use to access experian has been compromised ?
Sounds as if you have picked up a spam email to me.
[STRIKE]DFD - 24th October 2015[/STRIKE] [STRIKE]DFD - 24th March 2015 [/STRIKE]
DEBT FREE 24.03.15
0 -
Looks like Experian will reply themselves, but have had this pointed out.
http://help.creditexpert.co.uk/help/sv635/Identity_fraud/whats_web_monitoring
There are lists online on the black market of email addresses and passwords being sold. Some from leaks or hacks of providers, or other sources. So obviously yours has shown up on a list.What's Web Monitoring?
Our Web Monitoring service is included in your CreditExpert membership.
It uses cutting edge web technology to scan the internet for your personal details (e.g. email address, passport details), searching areas including social media, government registers and illegal black-market sites.
If we find your details we will immediately send you an alert by text message or email, telling you what we’ve found and where. From here, you can review the alerts, get tips on what actions to take and check what details we are monitoring. The more details you give us, the more comprehensive our search will be, and the safer you will be from identity theft and fraud.
At Experian, the most important thing to us is the safety and security of your data and personal information. We take the security of your personal information very seriously. That is why we have partnered with VeriSign Inc. and have been through the rigorous security screening process of the International Computer Security Association (ICSA). We hold your details on our highly secure systems and do not pass them on to anybody else.
Can't imagine Experian would verify the password themselves, but the existence of your email and a purported password on such a list would be enough to raise the alert I would think.Free/impartial debt advice: National Debtline | StepChange Debt Charity | Find your local CAB
IVA & fee charging DMP companies: Profits from misery, motivated ONLY by greed0 -
Hi Gorf123Hi, all.
I just got an alert from Experian that my email address, and the password I use to access it, is being sold on the open market. I've changed the password just to be safe, and checked which online accounts use that address - none that can be used to rip me off, as it happens.
My question is: How do they know that it's my email password? If they hacked into (say) my Apple account and picked up the password for that account, then they have a password associated with my email address, just not the password required for direct access.
Are they just saying that there is my email address and a password being sold, or is there any further evidence to suggest it's really the email server password?
Thanks for reading...
I really want to help you with this one to establish why you've received this alert, if you haven't already done so you can click on the more details section of the alert which will explain what to do next once you've received one.
Thank you Fermi for your information, I was just about to response so you beat me to it.
So that I can investigate this further for you, could you please email me with your details (name/dob/address), I would be able to check the notes on your membership to establish the reason why this alert had been sent and how it relates to your email address/password.
Regards
James Jarvis“Official Company Representative
I am an official company representative of Experian. MSE has given permission for me to post in response to queries about the company, so that I can help solve issues. You can see my name on the companies with permission to post list. I am not allowed to tout for business at all. If you believe I am please report it to forumteam@moneysavingexpert.com This does NOT imply any form of approval of my company or its products by MSE"
Posts by James Jones, Neil Stone, Stuart Storey & Joe Standen0 -
Cheers for that Fermi, and James for your postThere are lists online on the black market of email addresses and passwords being sold. Some from leaks or hacks of providers, or other sources. So obviously yours has shown up on a list.
Can't imagine Experian would verify the password themselves, but the existence of your email and a purported password on such a list would be enough to raise the alert I would think.
I just wanted to know the extent of Experian's knowledge of this breach. Is it- the email I used for Experian signup is available for purchase and that it has a password?
- the email I used for Experian signup is available for purchase and it has the password for the mail server.
If, as the wording of the alert suggests, it's the actual email server whose password has been compromised, it's far more worrying because that points to a failure by either my ISP or me.
If Experian's alert had given more information such as "The email address that you signed up with name@domain.com is being sold on the open market using the password passw***" it would be much more help because I can compare my password list to the partial password Experian supplies and say "Right - this breach happened because..."0 -
Hi Gorf123,
Just to clarify, the information that is monitored is set up when you open your CreditExpert membership.
You can choose what information that you would like monitored and add extra information such as bank account information, email address and passport number. This can all be done through the Web monitoring tab when you are logged in to CreditExpert.
We don't ask for any of your passwords though, and don't monitor for the passwords themselves. For security reasons we won't confirm any if your email is found on the web.
When you have the alert that your email has been found we will normally advise that you change your password, as you have done in this case.
If you do have any other concerns about your alert please give us a call on 0800 0138888 so we can help with this.
Kind Regards
Neil“Official Company Representative
I am an official company representative of Experian. MSE has given permission for me to post in response to queries about the company, so that I can help solve issues. You can see my name on the companies with permission to post list. I am not allowed to tout for business at all. If you believe I am please report it to forumteam@moneysavingexpert.com This does NOT imply any form of approval of my company or its products by MSE"
Posts by James Jones, Neil Stone, Stuart Storey & Joe Standen0 -
Im not sure if im reading this right.
Are you saying that you have had an email from Experian saying that your email address and the password to access your email have been compromised or that the password you use to access experian has been compromised ?
Sorry Fevlo - I don't know how I missed your earlier response.
Everyone's reading it wrong, so it must be my explanation that's rubbish.
Experian has sent an email (genuine) referring me to an alert on their site stating that my email address and mail server password have been compromised - specifically:
I want to know what evidence they have to support that it is my email server password that is being sold.High Risk Alert
Your email address and password are being illegally published and sold online.
What have we found?
Your email address g[redacted]@d[redacted]s.co.uk and the password you use to access it
Why do I need to know?
They are being sold together online by illegal black market communities. This puts you at high risk of becoming a victim of fraud.
My adobe account was hacked, along with millions of others. This means that my email address is circulating with a password, but it's not a current password, nor was it ever my mail server password.0 -
You have your own email server?0
-
Sorry Fevlo - I don't know how I missed your earlier response.
Everyone's reading it wrong, so it must be my explanation that's rubbish.
Experian has sent an email (genuine) referring me to an alert on their site stating that my email address and mail server password have been compromised - specifically:
I want to know what evidence they have to support that it is my email server password that is being sold.
My adobe account was hacked, along with millions of others. This means that my email address is circulating with a password, but it's not a current password, nor was it ever my mail server password.
Hi Gorf123
Thank you for confirming those further details, I understand that you want to resolve this issue as quickly as possible, to enable us to help you with the alert you've received, please give our team a call on 0800 0138888, they'll be able to investigate in further detail surrounding this alert and it's contains.
You can find our further contact details here
Regards
James Jarvis“Official Company Representative
I am an official company representative of Experian. MSE has given permission for me to post in response to queries about the company, so that I can help solve issues. You can see my name on the companies with permission to post list. I am not allowed to tout for business at all. If you believe I am please report it to forumteam@moneysavingexpert.com This does NOT imply any form of approval of my company or its products by MSE"
Posts by James Jones, Neil Stone, Stuart Storey & Joe Standen0 -
Sorry Fevlo - I don't know how I missed your earlier response.
Everyone's reading it wrong, so it must be my explanation that's rubbish.
Experian has sent an email (genuine) referring me to an alert on their site stating that my email address and mail server password have been compromised - specifically:
I want to know what evidence they have to support that it is my email server password that is being sold.
My adobe account was hacked, along with millions of others. This means that my email address is circulating with a password, but it's not a current password, nor was it ever my mail server password.
I too have the Experian service and received the same alert today - and have the same question as you i.e. is it really my email password or just a password with my email address.
Did you ever find out what evidence they had?0
Categories
- All Categories
- 343.2K Banking & Borrowing
- 250.1K Reduce Debt & Boost Income
- 449.7K Spending & Discounts
- 235.3K Work, Benefits & Business
- 608K Mortgages, Homes & Bills
- 173.1K Life & Family
- 247.9K Travel & Transport
- 1.5M Hobbies & Leisure
- 15.9K Discuss & Feedback
- 15.1K Coronavirus Support Boards