Thread: O/T: internet security question (leaked details)
View Single Post
  #6   Report Post  
Posted to uk.d-i-y
Scott[_17_] Scott[_17_] is offline
external usenet poster
  
Posts: 1,904
Default O/T: internet security question (leaked details)
On Mon, 20 Jul 2020 00:59:43 -0400, Paul
wrote:

wrote:
Five days ago, I placed an online order with a company that I have used many times, over the years. It's an online supplier of vitamins and nutritional supplements. My account with that company has login details (email address and password) that I used to use for pretty much everything, until various companies enforced changes, to improve security.

Two days ago I got an email from Spotify, reporting a login from Germany. I set up my Spotify account in 2012 and haven't used it since then, so I was curious. On checking, the login email address and password is the same old combo as for the vitamin co.

Yesterday I got an email from Amazon, warning of a new, suspicious login. Sure enough, my Amazon account uses the old email address and password (all registered credit cards recently expired, so no possibility of rogue purchases).

In the small hours of this morning, I got an email from Netflix, warning of a login in the USA. Same deal with email address and password.

Clearly, my old, well used email address and password combo has somehow leaked out into the ether. The question is: how? I can't help but notice the coincidence of my recent order with the vitamin company and hot on the heels of that, rogue logins to various services. Does anyone have a view on the most likely explanation? Could it be a weakness in the vitamin company's systems/web page, dishonesty of an employee at the company, or is it more likely to be something at my end (e.g. keystroke logging malware)? I run Macaffee on my laptop and use Google Chrome browser with Win 7.

Thanks. Ant.

I think it's pretty safe to assume some aspect
of this "small company" website is compromised.

Small companies rent everything. They can't even
rent a clue.

I generate long, random, password sequences for each
Internet account created. They're a pain to type in, but I
keep a stack of pieces of paper with the new ones
printed on it.

Why would you need pieces of paper? Can you not use a program that
saves passwords in an encrypted form. What happens if someone breaks
into your house and steals the pieces of paper? Mine uses military
security and allows you to view, cut and paste the passwords as
required.
Reply With QuoteReply With Quote