Goto: Attention Required! | Cloudflare
When I enter my email, the received message states:
"Oh no — pwned! Pwned on 1 breached site and found no pastes (subscribe to search sensitive breaches)"
Is this something to be concerned about?
Not particularly, unless you are privacy concerned.
When you scroll down, it should show, what breaches the warning applies to.
Basically someone knows your email address, so he can send you spam or phishing.
Some breaches might have revealed your password for that webpage, you might want to change it.
Thank you Tairiku Okami,
not able to scroll down so don't have any idea what the breach relates to.
Using a different computer, that is known to be clean, change your passwords. That message looks like spam.
When we receive suspicious looking e-mails, I go to the e-mail server that my ISP uses and view the source code of the e-mail with theIr web based e-mail program. This lets me look at where it came from and if there are other questionable things in the e-mail without opening it. This will also show the code of the attachments. Lately, we’ve been getting e-mails purporting to be from Amazon Prime. They are always seeking personal information and I’ve been able to trace them back to Reunion Island off the coast of Africa. These e-mails get forwarded to Amazon’s stop spam e-mail address, the sending domain is blocked, and deleted from the mail server. Takes time. Is a PIA, but our system stays somewhat protected.
Hi Jamis,
yes I also check the source of emails. This was not an email but an article which led me to check the site mentioned in the
first post (pwned).
Thanks for your comment.
The information attackers get is usually so vast they could not possibly go through it all line by line and match the information to a particular person and nor would they want to. When these attacks occur the act of obtaining the data ie usernames, passwords, email addresses etc is to make money primarily. They can sell tens of thousands, maybe even hundreds of thousands of user information to the highest bidder or simply put it on an underground market for a set price depending on the demand for that information.
You as an individual were not pwned, the website was and in turn your information was leaked through bad practices at whichever website failed to protect your information. Most of these breaches occur when websites are not fully secured and so naturally hackers being hackers, especially black hat hackers, looking for holes is their bread and butter. They find one (or two, or several) and the rest is history. Your information is out there in the open, no doubt replicated lots of times but it's not an individual attack on you. The hackers didn't go after YOU specifically. They went after a website and the spoils for breaking into it was lots and lots of data. And you happened to be among that data with your email address, passwords etc.
So don't be alarmed. Usually when these attacks happen the websites hit are huge. Therefore when attackers get data dumps, they are usually so big that the mathematical probability they chose YOUR username, email, password out of potentially MILLIONS of others is, well, 1 out of how many million user details there are. All that being said I wouldn't sit back and hope it never happens. Someone who buys that data, or obtains it somehow, could begin to cut the whole data dump into sizeable portions that can be of use to their malicious plans. They could whisk down data to, say, more unique chunks which could then make it more likely your stolen information is used.
You should change your password(s) AS SOON AS POSSIBLE. Choose a long password with at least 20 characters containing numbers, upper and lower case alphabetical characters, symbols etc. Passphrases are also just as good, something like golden&-0gates-8merry. As for your email address, change the password on that ASAP as well but you shouldn't worry too much about your email address being compromised as it's a far bigger risk attackers attacking email providers as they tend to have all the resources to make it very difficult for that to happen. Google for example, are among the most profilic cyber security researchers and thus their products are among the most secure. Good luck trying to break into Google. Same can be said for others too.
However, and slightly off-topic here, social engineering is how attackers usually get into your email address. You practically give them your password through phishing attacks, spearphishing attacks (targeted phishing attack) or through a dodgy attachment you download and run. Either way, focus on the passwords primarily but if you do feel concerned you can always change your email address and setup the former as a forwarding account to your new one until you've managed to get everything setup with your new address.
If nithig has signed up for Firefox Monitor:
Firefox Monitor - Frequently asked questions | Firefox Help
Or possibly uses Firefox Lockwise:
Chrome and Firefox will now alert you about data breaches involving your accounts
It uses h**ps://haveibeenpwned.com/ as it's breach database and notifies accordingly.
Another thought came to mind.... Look to see if you have any Browser add-ons that you didn't specifically add. Remove any or all.
Quote