Experian email and password alert
Comments
-
I believe the system picked up an email address and password being sold together, I had this a while ago as a forum I was using was hacked but a I have different passwords for every login so I wasn't worried and just changed it.
I don't think they try to verify the password, just that they are saying 'hey someone is selling your login details, we know it's yours as they have your email address' - chances are the password will work on a site somewhere but if you have different passwords for all logins it shouldn't be a huge issue.
Good luck getting it all fixed0 -
Hi Mark87652I too have the Experian service and received the same alert today - and have the same question as you i.e. is it really my email password or just a password with my email address.
Did you ever find out what evidence they had?
I understand you've received the same alert as Gorf123, to enable us to also help resolve the issue and establish why you have received this alert, please give our team a call on Freephone 0800 0138888 they'll be able to investigate this further for you and the contains of the alert.
You can find our further contact details here
Regards
James Jarvis“Official Company Representative
I am an official company representative of Experian. MSE has given permission for me to post in response to queries about the company, so that I can help solve issues. You can see my name on the companies with permission to post list. I am not allowed to tout for business at all. If you believe I am please report it to forumteam@moneysavingexpert.com This does NOT imply any form of approval of my company or its products by MSE"
Posts by James Jones, Neil Stone, Stuart Storey & Joe Standen0 -
Hi, mark87652
No, I didn't find out the evidence they had. I rang as per James' instructions and could not make myself understood (again) nor would they tell me the password that was being sold (for security reasons :rotfl:)
In the end I gave up.
Considering the email address that I used, I am pretty sure that it's my adobe.com login that is being sold and Experian are scaremongering by telling my that it's my email server password that's up for sale. M4rc is absolutely right.0 -
Experian_company_representative wrote: »Hi Mark87652
I understand you've received the same alert as Gorf123, to enable us to also help resolve the issue and establish why you have received this
Regards
James Jarvis
Thanks - I did ring, but like others didn't feel enough detail is provided. The chap on the phone wasn't able to provide any more information than I already had - and no proof that it was my email login password - and not just a password from another hacked site. Indeed when I said I had recently received an email from a site (bettys.co.uk) saying they had been hacked - he said it could be that.Hi, mark87652
No, I didn't find out the evidence they had. I rang as per James' instructions and could not make myself understood (again) nor would they tell me the password that was being sold (for security reasons :rotfl:)
In the end I gave up.
Considering the email address that I used, I am pretty sure that it's my adobe.com login that is being sold and Experian are scaremongering by telling my that it's my email server password that's up for sale. M4rc is absolutely right.
Thanks for the reply - as you can see above - I agree with you and M4rc. Useful service but suggesting it's the email password without offering proof is not ideal.0 -
i think this is marketing bullsh@t the email they refer to for me is the one i use on my credit expert login, so thet know that.
i had the same email telling me to change all passwords on any account i use that email with, funny how its the one email i dont get spam from as i use my business email for most things and get loads of spam and hackers trying to get me to open atachments, but not this one.
could it be a marketing ploy to make you think they are doing a good job looking after you? so you dont go and cancel your subscription?
i phoned them and they would not tell me what site they found it on just that it was a dark site.
i did change my email pw just in case.25th 5th 05 for the 5th time in the 50th final we are the 5th to keep it. Revenge of the 5ith.0 -
High Risk Alert
Your email address and password are being illegally published and sold online.
What have we found?
Your email address g[redacted]@d[redacted]s.co.uk and the password you use to access it
Why do I need to know?
They are being sold together online by illegal black market communities. This puts you at high risk of becoming a victim of fraud.
I got this today and i think this is an absolute disgrace !
How do they know the password used to access the email is the correct password if they do not verify it ?
As others have pointed out, they are simply finding our email addresses and perhaps passwords for any random site that has been hacked, it could be very important or completely harmless. The thing is, we do not know what has been hacked therefore do not know what action to take!
I must have over 100 online accounts amassed over the years (this one now included) which one has been compromised ? how do i know it is even an active account ?
Legally, how can Experian state that "the password you use to access it" without knowing if that is correct ?
A useful service would be to advise of the password that has been found or at least some random letters of the password so we would perhaps be able to work it out!
An entirely unuseful and unhelpful service is what they are providing by pointing out this information and in my opinion it is illegal and at the very least immoral.
Can any Experian representative please confirm if the company or any affiliated business gains financially from phoning that number ?0 -
Dave_Bassett wrote: »
I got this today and i think this is an absolute disgrace !
I guess the alternative is not being told anything. I don't think it's a disgrace though, it's good to know. I believe they tell you what they find, if there are details of a site they can use your login details on they will be included but generally when details are sold / shared online it's in bulk and it's simply and email address and password. The good stuff is t going to be given out like that, it will be the less useful stuff that people have to work harder to use, so people will set about using email addresses and passwords from the list to see if they work on various sites. I understand there is software that will try it for them to speed up the process.Dave_Bassett wrote: »How do they know the password used to access the email is the correct password if they do not verify it ?
They don't, again the alternative is to not tell you anything, and hats not very helpful either. They know it's your email address so they are saying 'hey, we don't have much to go on but so you know there's a chance your details are being sold online'. It's up to you what you do with that.Dave_Bassett wrote: »As others have pointed out, they are simply finding our email addresses and perhaps passwords for any random site that has been hacked, it could be very important or completely harmless. The thing is, we do not know what has been hacked therefore do not know what action to take!
There are several sites you can use online that will search your for an email address or login name against found lists being sold or shared, I suspect this is similar. In some cases the search will throw up the site and all the details, in other cases just your email address on a list, all they can share with you is what they find.Dave_Bassett wrote: »I must have over 100 online accounts amassed over the years (this one now included) which one has been compromised ? how do i know it is even an active account ?
Again you don't, if every account has a different password you should be fine but if not hen start changing your password on any popular and/or important accounts - anything that could cost you money is the place to start. The fact is if you only use the same password everywhere then your details are being sold or shared online and you could well find you have an account accessed somewhere soon.
On the flip side, these lists are huge in size and quantity, and people want the juicy stuff, there is a good chance nobody will ever bother with your email address and you shouldn't worry. The most important will be your email account if you use the same password to login to sites and your email, as that will give them so much access to so much stuff - so change it and keep it unique.Dave_Bassett wrote: »Legally, how can Experian state that "the password you use to access it" without knowing if that is correct ?
Not sure that's any more illegal than if I said I have found your email address for sale online. Why would they have a legal obligation? They are doing you a favour, you don't need to pay to find out more, they are telling you all they know.Dave_Bassett wrote: »A useful service would be to advise of the password that has been found or at least some random letters of the password so we would perhaps be able to work it out!
An entirely unuseful and unhelpful service is what they are providing by pointing out this information and in my opinion it is illegal and at the very least immoral.
Illegal how? What law says you can't warn someone they may get hacked? Nobody can give you information they don't have, they have shared what they know, the fact your details are on a list somewhere should tell you you need to start using multiple passwords and watching out for signs your accounts have been accessed. If Experian were testing he information they have on hundreds of sites to find out where the details worked I could understand people getting upset, but they are not doing this, they are not trying to varify anything, they are simply saying 'watch out'.
Many people have had their details shared this year as there have been some big data loses, the Adobe one being one of the biggest. My details were on there but I had a password unique to that site so wasn't bothered, I won't be going back though!0 -
Hi,
I stumbled on this thread after getting the same high risk alert from Experian. What I think they need to do is submit proof to the user to prove that they are finding the said details online.
In May 2015 I signed up to Experian and 1 week later I got this High risk alert to say they had found my email address and password online.
Last week Nov 2015 I cancelled my Experian subscription and behold I get emailed this same high risk alert to state that my email address and password are again being sold online?
To me it seems Experian are creating these alerts to scare monger people in to keeping their service. If Experian wish to comment on my case please do but I will not be calling your team as they cannot give any more detail. What Experian need to do is provide evidence in the users account to suggest that they really have found users details online IE website it was encountered on and a partial password so it can the be confirmed?
It is definite underhand tactic that Experian are using and I have a good mind to make a complaint? to whom I am undecided but the FSCA springs to mind.
Oh and for reference Experian, my day job is network and email security, I have taken a quick search through the dark web and have found no details or reference to my email address or password? When I have more time tonight I will search in more depth and post an update.
Regards0 -
Yeah,
A bit of scare mungering I think. They did not respond to your message did they?
I did change my password a few months ago and having a notification of someone checking my credit profile I logged in today and saw the warnings again. It really is not good I don't think as it sounds when we call them they tell us no more than what we already know.0 -
I've just had the exact same message, 48 hours after joining up. I work in ICT security and I am very, very sceptical that their claims are true. I have asked for full details.
If this is just a scam then it really should be criminal in my opinion. Cyber security is not a joke, particularly for those of us who's careers depend on it. You should not be allowed to pretend to have uncovered crimes when you have not.
If they have indeed found my password and login details online somewhere then they should tell me exactly where they found them. If some company contacted you to say they had found a copy of your house keys you would expect them to give more details wouldn't you? You would not just change your locks and forget about it.
I would love to hear the opinions of other forum members as to the legality of these claims if they are as I suspect completely fabricated.0
Categories
- All Categories
- 343K Banking & Borrowing
- 250K Reduce Debt & Boost Income
- 449.6K Spending & Discounts
- 235.1K Work, Benefits & Business
- 607.8K Mortgages, Homes & Bills
- 173K Life & Family
- 247.8K Travel & Transport
- 1.5M Hobbies & Leisure
- 15.9K Discuss & Feedback
- 15.1K Coronavirus Support Boards