Posted to uk.d-i-y
John Rumm
O/T: internet security question (leaked details)

On 20/07/2020 05:24, wrote:

> Five days ago, I placed an online order with a company that I have
> used many times, over the years. It's an online supplier of vitamins
> and nutritional supplements. My account with that company has login
> details (email address and password) that I used to use for pretty
> much everything, until various companies enforced changes, to improve
> security.


So as a matter of urgency you need to go and update passwords on *all*
of the sites you are registered with, and make sure that the same
credentials are never re-used.

Since once a site is compromised, automated testing tools will
enable the crooks to check those credentials against 100s of thousands
of other web sites. So it's a safe bet that all or most of your accounts
associated with those credentials are now compromised.

[snip]

> Clearly, my old, well used email address and password combo has
> somehow leaked out into the ether. The question is: how?


Lots of possibilities. If you go enter the relevant email address here:

https://haveibeenpwned.com/

it will tell you which public database of hacked credentials it came
from and may give some indication of the source.

You can also test individual passwords here:

https://haveibeenpwned.com/Passwords

> I can't help but notice the coincidence of my recent order with the
> vitamin company and hot on the heels of that, rogue logins to various
> services. Does anyone have a view on the most likely explanation?
> Could it be a weakness in the vitamin company's systems/web page,


Could be - it might be the site itself, or often it's a weakness in a
third party service that the company (and many others) use.

The Ticketmaster hack being a good example:

https://www.wired.co.uk/article/tick...-monzo-inbenta

> dishonesty of an employee at the company,


Also possible - or a subcontracting company, data processor, or even
individual.

> or is it more likely to be
> something at my end (e.g. keystroke logging malware)?


Also possible but probably less likely - if that were the case you would
expect any interaction with a site that uses those credentials to have
triggered the unexpected logins.

However, I would suggest a sweep with the malwarebytes.org scanner.


--
Cheers,

John.

/=================================================================\
|           Internode Ltd - http://www.internode.co.uk            |
|-----------------------------------------------------------------|
|           John Rumm - john(at)internode(dot)co(dot)uk           |
\=================================================================/