We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
Check to see if your login is compromised

S0litaire
Posts: 3,535 Forumite


Just a quick warning and some good housekeeping 
I got an email form Amazon last night saying it found my login email address on a list of compromised accounts (the compromised list was NOT directly Amazon related) but since the login address was the same, they reset my password as a precaution and asked me to login and use the "recover my password" option to change my password.
I checked with Amazon customer support and the email IS legit. As a security precaution they have started to check the Users logins against known lists of compromised accounts which can be found on the internet.
Seems their was a couple of hacks over Christmas, I think Dropbox (not sure) and a few other sites were hit.
Now I found a site called https://www.pwnedlist.com they have a free service that lets you log 3 email addresses to check and will alert you if they ever pop up on any on a list of compromised accounts. This is the company behind "LastPass Sentry" feature in Lastpass.
Other sites that do something like this are:
https://haveibeenpwned.com/
https://breachalarm.com/
I put my Amazon email in and it popped up in 4 places:
One of them was sort of OK since the password associated with it was encrypted. (it was a forum site which I changed the password ages ago before i cancelled the account on the forum)
The other was from the Adobe hack a few months ago and the password was stored in plaintext!?! (I changed this password when the Adobe hack was announced!)
The last 2 looked like they were scrapped from the adobe list.
It's a good reminder to keep an eye on your email addresses and change passwords regularly! Saying that I've just checked the Username / passwords stored on my browser and found out of the 1000 logins over 100 are using the compromised Username and password. >_< most are old sites that either closed down years ago or have no personal information but a few might. >_<
So I'll be spending most of they day going through the 100+ accounts and making sure the passwords are changed. (if the sites still exist!)

I got an email form Amazon last night saying it found my login email address on a list of compromised accounts (the compromised list was NOT directly Amazon related) but since the login address was the same, they reset my password as a precaution and asked me to login and use the "recover my password" option to change my password.
I checked with Amazon customer support and the email IS legit. As a security precaution they have started to check the Users logins against known lists of compromised accounts which can be found on the internet.
Seems their was a couple of hacks over Christmas, I think Dropbox (not sure) and a few other sites were hit.
Now I found a site called https://www.pwnedlist.com they have a free service that lets you log 3 email addresses to check and will alert you if they ever pop up on any on a list of compromised accounts. This is the company behind "LastPass Sentry" feature in Lastpass.
Other sites that do something like this are:
https://haveibeenpwned.com/
https://breachalarm.com/
I put my Amazon email in and it popped up in 4 places:
One of them was sort of OK since the password associated with it was encrypted. (it was a forum site which I changed the password ages ago before i cancelled the account on the forum)
The other was from the Adobe hack a few months ago and the password was stored in plaintext!?! (I changed this password when the Adobe hack was announced!)
The last 2 looked like they were scrapped from the adobe list.
It's a good reminder to keep an eye on your email addresses and change passwords regularly! Saying that I've just checked the Username / passwords stored on my browser and found out of the 1000 logins over 100 are using the compromised Username and password. >_< most are old sites that either closed down years ago or have no personal information but a few might. >_<
So I'll be spending most of they day going through the 100+ accounts and making sure the passwords are changed. (if the sites still exist!)
Laters
Sol
"Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
Sol
"Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
0
Comments
-
I got an email form Amazon last night saying it found my login email address on a list of compromised accounts (the compromised list was NOT directly Amazon related) but since the login address was the same, they reset my password as a precaution and asked me to login and use the "recover my password" option to change my password.
One more reason for having your own domain and having different email addresses for every single login.0 -
I found using a wildcard name on domain emails resulted in spam so reverted to just using a few names with each domain.
I am guilty of using the same email on multiple sites though. I sould probably use disposable emails such as https://www.guerrillamail.com/ for signups and the like but for the most part cba.
I put my 3 most commonly used emails in pwnedlist and am happy that I don't have to spend all day changing passwords as there was nothing reported.0 -
I had some spam like this supposedly from Amazon this week, but "view source" revealed otherwise. I'd be very wary of sites offering to check for me - they're probably collecting valid email addresses (because why would someone be concerned about a fake email address?) so they can send them more spam!0
-
One more reason for having your own domain and having different email addresses for every single login.
Oddly enough I do have my own domain name (well a few) the compromised one is my oldest and the one I mainly use for forums and non important sites! Over 10 years worth of logins mount upLaters
Sol
"Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"0 -
Hedgehog99 wrote: »I had some spam like this supposedly from Amazon this week, but "view source" revealed otherwise. I'd be very wary of sites offering to check for me - they're probably collecting valid email addresses (because why would someone be concerned about a fake email address?) so they can send them more spam!
The main one I wrote about in my post works with LastPass so they are not that much of a risk.
It's also a good way of alerting you if one of your main email addresses (I.e. the one you use to log in to your online email for instance) is compromised in some way if the host is attacked.Laters
Sol
"Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"0 -
Personally I use 4 different email addresses and NEVER use the same password.
Most of my passwords are stored by my browser under a master password, except for anything money related like online banking and Paypal.“I may not agree with you, but I will defend to the death your right to make an a** of yourself.”
<><><><><><><><><<><><><><><><><><><><><><> Don't forget to like and subscribe \/ \/ \/0 -
It was last discovered approximately 1 years ago, on 2013-11-11.
Oh noes!!!0 -
kwikbreaks wrote: »I found using a wildcard name on domain emails resulted in spam so reverted to just using a few names with each domain.
The trick is to create a subdomain and set up the catchall there. It's highly unlikely someone guesses the name of the subdomain as it is not in the whois database.Oddly enough I do have my own domain name (well a few) the compromised one is my oldest and the one I mainly use for forums and non important sites! Over 10 years worth of logins mount up
See above. I have a different email for every website.0 -
Changed my Amazon pass in the New Year, after I saw a news item about possible breach for them.
Are multiple e-mail accounts any wiser than just having seperate strong passwords for every site (and your e-mail account), with LastPass? I have passwords 12 to 16 characters, mixed random upper/lower case and numbers.0 -
Changed my Amazon pass in the New Year, after I saw a news item about possible breach for them.
Are multiple e-mail accounts any wiser than just having seperate strong passwords for every site (and your e-mail account), with LastPass? I have passwords 12 to 16 characters, mixed random upper/lower case and numbers.
I would think so because the attacker has to guess both, the email AND the password.
Having different emails also has the advantage that you know who leaked your email address to spammers. Then just create a filter for that email address.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply

Categories
- All Categories
- 349.8K Banking & Borrowing
- 252.6K Reduce Debt & Boost Income
- 453K Spending & Discounts
- 242.8K Work, Benefits & Business
- 619.5K Mortgages, Homes & Bills
- 176.4K Life & Family
- 255.7K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 15.1K Coronavirus Support Boards