On 20/07/2020 05:24,
wrote:
Five days ago, I placed an online order with a company that I have
used many times, over the years. It's an online supplier of vitamins
and nutritional supplements. My account with that company has login
details (email address and password) that I used to use for pretty
much everything, until various companies enforced changes, to improve
security.

So as a matter of urgency you need to go and update passwords on *all*
of the sites you are registered with, and make sure that the same
credentials are never re-used.
Since once a site is compromised, automated testing tools will
enable the crooks to check those credentials against 100s of thousands
of other web sites. So it's a safe bet that all or most of your accounts
associated with those credentials are now compromised.

[snip]
Clearly, my old, well used email address and password combo has
somehow leaked out into the ether. The question is: how?

Lots of possibilities. If you go enter the relevant email address here:
https://haveibeenpwned.com/
it will tell you which public database of hacked credentials it came
from and may give some indication of the source.
You can also test individual passwords here:
https://haveibeenpwned.com/Passwords

I can't help
but notice the coincidence of my recent order with the vitamin
company and hot on the heels of that, rogue logins to various
services. Does anyone have a view on the most likely explanation?
Could it be a weakness in the vitamin company's systems/web page,

Could be - it might be the site itself, or often it's a weakness in a
third party service that the company (and many others) use.
The Ticketmaster hack being a good example:
https://www.wired.co.uk/article/tick...-monzo-inbenta

dishonesty of an employee at the company,

Also possible - or a subcontracting company, data processor, or even
individual.

or is it more likely to be
something at my end (e.g. keystroke logging malware)?

Also possible but probably less likely - if that were the case you would
expect any interaction with a site that uses those credentials to have
triggered the unexpected logins.
However, I would suggest a sweep with the malwarebytes.org scanner.

--
Cheers,
John.
/=================================================================\
|           Internode Ltd -  http://www.internode.co.uk           |
|-----------------------------------------------------------------|
|           John Rumm - john(at)internode(dot)co(dot)uk           |
\=================================================================/