
Site to check/notify if email is part of a data breach

GregR

Footballguy
Came across this site today, https://haveibeenpwned.com/ that will tell you which known data breaches your email has been compromised by, and what was reported taken. Found out about one that impacted me that I wasn't aware of.

Also you can set up to be notified if your email is part of a future breach.

 
I apologize for my complete lack of computer knowledge. I'd like to actually try this website--but the thought just occurred to me about the possibility of a site like this to be a pub for data breachers to accumulate email addresses.   I was just wondering if a computer savvy person would comment on the safety of a site like this before I try it out.  TIA. 

 
> I apologize for my complete lack of computer knowledge. I'd like to actually try this website--but the thought just occurred to me about the possibility of a site like this to be a pub for data breachers to accumulate email addresses. I was just wondering if a computer savvy person would comment on the safety of a site like this before I try it out. TIA.

Yeah, I thought that too. Like one of those free websites that offers to store all your passwords in one place. Suckers.

 
How do I know the site isn't just harvesting searched email addresses?

You don't, but it's not. The site is simply intended to be a free service for people to assess risk in relation to their account being caught up in a breach. As with any website, if you're concerned about the intent or security, don't use it.
 
> I apologize for my complete lack of computer knowledge. I'd like to actually try this website--but the thought just occurred to me about the possibility of a site like this to be a pub for data breachers to accumulate email addresses. I was just wondering if a computer savvy person would comment on the safety of a site like this before I try it out. TIA.

You are not supplying the site with any credentials to do the search. Just entering your email address and it (presumably) searches the list of all compromised emails released by the 192 breached sites they are aware of, and tells you if it finds it there.

So if they wanted to be malicious the only gain they'd have is just knowing your email exists and someone cares about it, and I guess probably what IP you connected from.

I haven't signed up for notifications yet so don't know if you create a login, but if you do just use a unique password same as you would any other site.

 
One thing if you haven't considered this, is reuse of security questions on different sites.  One of the emails that I used on a hacked site, the report said the hack included security question answers.

Thinking if I even use those in the future I'm going to have to come up with something to ensure they are unique across sites even if the question is the same.  Which... is pretty much just turning it into yet another password, doh!

 
> One thing if you haven't considered this, is reuse of security questions on different sites. One of the emails that I used on a hacked site, the report said the hack included security question answers.
>
> Thinking if I even use those in the future I'm going to have to come up with something to ensure they are unique across sites even if the question is the same. Which... is pretty much just turning it into yet another password, doh!

I use two factor authentication when available (code sent by text message), so unless/until someone clones my phone I feel a LITTLE safer.

 
> I use two factor authentication when available (code sent by text message), so unless/until someone clones my phone I feel a LITTLE safer.

There are ways to circumvent that, but it indeed is significantly more secure than single factor auth.

Also, if you have an email address from Yahoo, you've been owned and will continue to be owned for quite some time.

 
Also, if you've been owned, consider using a password manager that encrypts your passwords and a random password generator (Symantec had a good one online).  Last Pass is pretty popular.  Google encrypts web credentials, so that's not a bad one either.

 
> There are ways to circumvent that, but it indeed is significantly more secure than single factor auth.
>
> Also, if you have an email address from Yahoo, you've been owned and will continue to be owned for quite some time.

It's also unwise to make public specific details on your security measures.

OPSEC!

 
> Also, if you've been owned, consider using a password manager that encrypts your passwords and a random password generator (Symantec had a good one online). Last Pass is pretty popular. Google encrypts web credentials, so that's not a bad one either.

Also a great idea if you haven't been owned (yet). I had a govt issued IronKey that also securely managed web credentials.

 
> Came across this site today, https://haveibeenpwned.com/ that will tell you which known data breaches your email has been compromised by, and what was reported taken. Found out about one that impacted me that I wasn't aware of.
>
> Also you can set up to be notified if your email is part of a future breach.

Pass. Those ideas are huge red flags to me and are a recipe for disaster.

What do you gain by knowing, that couldn't be accomplished by simply assuming all your emails have been compromised?

 
