We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Help! Data breach notification
Options
Morbier
Posts: 636 Forumite
in Techie Stuff
I registered with Haveibeenpwned.com last year and a couple of weeks ago I had an email from them saying my email address had been exposed in a data breach, relating to a MyFitnessPal app which I downloaded about 6 years ago. Hardly used it and deleted it not long after.
As a result, I've now changed all my passwords and enabled two factor authentication (as they advise) and thought that was enough. However, one of my regular email contacts has just let me know that she had an email yesterday which looked as though it might be from me, but she knew it didn't sound like me. It wasn't.
Can anyone explain what has happened? If this is connected to the data breach, I don't understand how they've got my contacts list? :eek:
As a result, I've now changed all my passwords and enabled two factor authentication (as they advise) and thought that was enough. However, one of my regular email contacts has just let me know that she had an email yesterday which looked as though it might be from me, but she knew it didn't sound like me. It wasn't.
Can anyone explain what has happened? If this is connected to the data breach, I don't understand how they've got my contacts list? :eek:
I can't imagine a life without cheese. (Nigel Slater)
0
Comments
-
You need to ask her what she means by 'looks like it might be from you'.
Either she or you may have a virus.
It could only be connected to the data breach if you uploaded your contacts to the app, or used your normal email password.0 -
Has the other person checked on https://www.haveibeenpwned.com ? The sender on an email can be easily spoofed BTW.0
-
Zx81 and Colin_Maybe - thanks for your replies.
I've asked my friend to tell me what the email said (she knew it wasn't me as the greeting we use was missing). I've also asked her to check her own email on haveibeenpwned.com.
Not sure what you mean by my email password? Didn't know I had one. Is it linked to my Apple ID? (I use Apple's default email and all my devices are Apple).I can't imagine a life without cheese. (Nigel Slater)0 -
I can send an email that looks like it was you just by changing the name and the reply address in my email client settings. When it lands in their inbox it will say it is from you. Therefore as you can gather you'll find that that part of the email means nothing.This is a system account and does not represent a real person. To contact the Forum Team email forumteam@moneysavingexpert.com0
-
Look up "joe jobs".
I get a lot of emails that look as though they could be from friends/acquaintances, if you don't know what you are looking at.
The likelihood is that the name has been harvested from an app with access to one of your friends Facebook/LinkedIn connection lists and the email address is completely made up, e.g. Joe Bloggs <joe.bloggsv@example.com> will display as "from" Joe Bloggs, but it isn't really and the email address won't work0 -
'Someone' has a virus or other malware on their computer which has harvested their list of contacts.
Now the receiver of these contacts has sent this email to one person on the list , pretending to be a different person from the list (spoofing the address) .. In the hope that the receiver is more likely to open attachments or follow links ..
It is the standard modus operandi of newbie 'hackers' testing their skills
Nothing you can do about it unfortunately.0 -
'Someone' has a virus or other malware on their computer which has harvested their list of contacts.
Now the receiver of these contacts has sent this email to one person on the list , pretending to be a different person from the list (spoofing the address) .. In the hope that the receiver is more likely to open attachments or follow links ..
It is the standard modus operandi of newbie 'hackers' testing their skills
Nothing you can do about it unfortunately.
In a strange way, I hope that's what has happened. At least it means I've done nothing wrong!
I also check email addresses especially if there is an attachment. Never had anything vitally important in an attachment, so if I'm the least bit suspicious, I delete it.
Thanks everyone for your help.I can't imagine a life without cheese. (Nigel Slater)0 -
I registered with Haveibeenpwned.com last year and a couple of weeks ago I had an email from them saying my email address had been exposed in a data breach, relating to a MyFitnessPal app which I downloaded about 6 years ago. Hardly used it and deleted it not long after.
As a result, I've now changed all my passwords and enabled two factor authentication (as they advise) and thought that was enough. However, one of my regular email contacts has just let me know that she had an email yesterday which looked as though it might be from me, but she knew it didn't sound like me. It wasn't.
Can anyone explain what has happened? If this is connected to the data breach, I don't understand how they've got my contacts list? :eek:
It won't be from you. It will look like its from you due to something called "Spoofing". The return address will be a totally different address. Nothing you can do about that, just tell them to ignore the e-mail and delete it.0 -
It won't be from you. It will look like its from you due to something called "Spoofing". The return address will be a totally different address. Nothing you can do about that, just tell them to ignore the e-mail and delete it.
Thanks. I'm learning a lot of new terminology! I have warned all my regular contacts. I always thought I was fairly good at internet security but it seems 'they' can get through just the same.
What a world we live in when the thieves don't have to move from their house to come and burgle mine. Very sad.I can't imagine a life without cheese. (Nigel Slater)0 -
Thanks. I'm learning a lot of new terminology! I have warned all my regular contacts. I always thought I was fairly good at internet security but it seems 'they' can get through just the same.
What a world we live in when the thieves don't have to move from their house to come and burgle mine. Very sad.
Yeah, it won't be anything you've done wrong. They'll have just seen your e-mail somewhere and then they "spoof" it. Quite easy to do. I've even seen people fall for it and actively reply to said spoof and not noticed the bogus address it's going back to
If you Google "E-mail headers and how to read them" you'll be able to look a the headers of these spoofed e-mail. The "Return Path" is the real address it came from.
If the "Return Path" is the actual original e-mail box of your friend, then it normally shows that their mailbox has been compromised.
So if it says From john.doe@gmail.com and the return path is john.doe@gmail.com then it means their mailbox has been compromised and they are actively sending spam from john.doe's mailbox.0
![[Deleted User]](https://us-noi.v-cdn.net/6031891/uploads/defaultavatar/nFA7H6UNOO0N5.jpg)
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.8K Banking & Borrowing
- 253K Reduce Debt & Boost Income
- 453.5K Spending & Discounts
- 243.8K Work, Benefits & Business
- 598.7K Mortgages, Homes & Bills
- 176.8K Life & Family
- 257.1K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards