Posted to uk.d-i-y
Scott[_17_]

O/T: internet security question (leaked details)

On Mon, 20 Jul 2020 10:12:31 +0100, Richard
wrote:

On 20/07/2020 09:58, Scott wrote:
On Mon, 20 Jul 2020 08:17:42 +0100, Richard
wrote:

On 20/07/2020 05:24, wrote:
Five days ago, I placed an online order with a company that I have used many times, over the years. It's an online supplier of vitamins and nutritional supplements. My account with that company has login details (email address and password) that I used to use for pretty much everything, until various companies enforced changes, to improve security.

Two days ago I got an email from Spotify, reporting a login from Germany. I set up my Spotify account in 2012 and haven't used it since then, so I was curious. On checking, the login email address and password is the same old combo as for the vitamin co.

Yesterday I got an email from Amazon, warning of a new, suspicious login. Sure enough, my Amazon account uses the old email address and password (all registered credit cards recently expired, so no possibility of rogue purchases).

In the small hours of this morning, I got an email from Netflix, warning of a login in the USA. Same deal with email address and password.

Clearly, my old, well used email address and password combo has somehow leaked out into the ether. The question is: how? I can't help but notice the coincidence of my recent order with the vitamin company and hot on the heels of that, rogue logins to various services. Does anyone have a view on the most likely explanation? Could it be a weakness in the vitamin company's systems/web page, dishonesty of an employee at the company, or is it more likely to be something at my end (e.g. keystroke logging malware)? I run McAfee on my laptop and use Google Chrome browser with Win 7.

Thanks. Ant.


Stick the email address in here:
https://haveibeenpwned.com


Four breaches, only one makes any sense and you have to subscribe to
find out more details. Looks like a con to me.


It is not a con. It is not a "subscription".


Sorry, I read Step 3 out of context when it said 'Subscribe to
notifications for any other breaches. Then just change that unique
password'. It's a 30 day free trial then a subscription.

In any case, if the breach only amounts to my email address (which is
pretty widely circulated anyway) and the specific password for the
compromised site (which has presumably reset the passwords anyway), I
don't see a problem.


Good for you.


Good for you if you hand out money every time you see the word
'security'.