DarkWeb Email warning

User avatar
32wildbilly
Never gonna run around and desert you
Posts: 5758
Joined: Sat Jan 06, 2018 2:46 pm
Location: Kneebraska

DarkWeb Email warning

Post by 32wildbilly » Sun Jul 14, 2019 6:55 am

So I get an email today from the credit monitoring service provided by one of my credit cards saying they found our email address on the darkweb. The email included a click here button. I did NOT use the click here in the email instead I went to my credit card website directly and entered the monitoring site. Sure enough found a warning that our email had been found on a darkweb site due to a hack of the MyFitness app back in Feb 2018. The note suggested changing the password for the email even though the warning said "password not exposed" and "You should reset the passwords for your email account along with the password for any other accounts associated with your email address."

I deleted the MyFitness app due to not using(cause I'm a fat-ass) and because of news of their hack. I cannot find my log in info for use of that app, but I know I put nothing personal in there and what I did put was fake information other than the email. At this point I can't even find the password I used for this app.

Does the warning mean any website that uses our email to reply to(such as billing websites, amazon, eBay, etc...) need to have those pass words changed?

Is the sky falling?
Never gonna make you cry...

User avatar
DBJoe996
OG (First 100 Outposters!)
Posts: 161
Joined: Thu Feb 08, 2018 10:47 am
Location: Ormond Beach, Florida, USA

Re: DarkWeb Email warning

Post by DBJoe996 » Sun Jul 14, 2019 7:16 am

No, the sky is not falling. I would venture to say that the only thing exposed was your email address, nothing else. Just monitor your incoming email and never ever click on any links in an email. So you did the right thing.

User avatar
DTMiller
"Special"
Posts: 821
Joined: Fri Jan 05, 2018 8:50 pm
Location: Mechanicsburg, PA
Contact:

Re: DarkWeb Email warning

Post by DTMiller » Sun Jul 14, 2019 7:32 am

If you don't click those links how will you know about the hot teens in your area who want to hook up tonight?
2002 Guards Red Targa, Fister exhaust, H&R Sport Springs, semisolid motor mounts
1997 MX-5 track car
Friday at the Track, Chin Trackdays, SCCA WDCR Novice Classroom Instructor, SCDA, Audi Club Potomac, TrackDaze HPDE Instructor
June 16, 2017 Funland GoKart Champion (6:13 p.m. main event)
Willing to risk life for track time

User avatar
32wildbilly
Never gonna run around and desert you
Posts: 5758
Joined: Sat Jan 06, 2018 2:46 pm
Location: Kneebraska

Re: DarkWeb Email warning

Post by 32wildbilly » Sun Jul 14, 2019 8:23 am

DTMiller wrote: Sun Jul 14, 2019 7:32 am If you don't click those links how will you know about the hot teens in your area who want to hook up tonight?
Eggzackery!
Never gonna make you cry...

User avatar
gnat
Power-drunk moderator
Posts: 4171
Joined: Sat Jan 06, 2018 6:54 am
Location: Lobby, VWGofA HQ

Re: DarkWeb Email warning

Post by gnat » Sun Jul 14, 2019 9:04 am

32wildbilly wrote: Sun Jul 14, 2019 6:55 am Does the warning mean any website that uses our email to reply to(such as billing websites, amazon, eBay, etc...) need to have those pass words changed?
tldr; If they aren't using the same email or password, then you should be OK, but it's good practice to do it anyway.

It's good practice to change your passwords regularly (like every month or two), but most people never change them unless forced to. It's also good practice to not use the same password for more than one account, but people reuse passwords all the time. Then there are suggestions about strong passwords that no one ever uses because then you can't remember the password.

Password utilities (like LastPass, 1Password, and plenty of others) can be helpful in this regard as they will fill in your password when needed so it becomes possible to use strong unique randomly generated passwords since you need not know them. Additionally most have tools to show you passwords that have not been changed recently as well as relative strength of the password. Some even include tools to automate changing your password so it's even less of a hassle to update them.

User avatar
5chn3ll
Six shots...or only five?
Posts: 4640
Joined: Fri Jan 05, 2018 4:35 pm

Re: DarkWeb Email warning

Post by 5chn3ll » Mon Jul 15, 2019 9:11 am

Also, employ two-factor auth for the two systems that can sink you: your banking and your primary email account (imagine how boned you would be if your email account was hacked). Google auth on Android is REALLY nicely integrated. Ensuring that 2-factor authorization is required when you log in from a new device guarantees that you can prevent someone from accessing your account...AND you know it's happening.

Understeer: You will hit the wall with the front end.
Oversteer: You will hit the wall with the rear end.
Horsepower: How hard you will hit the wall.
Torque: How far you will move the wall.

Gone hunting with Alec Baldwin and Dick Cheney. Back soon.

User avatar
gnat
Power-drunk moderator
Posts: 4171
Joined: Sat Jan 06, 2018 6:54 am
Location: Lobby, VWGofA HQ

Re: DarkWeb Email warning

Post by gnat » Mon Jul 15, 2019 9:59 am

If only 2FA was consistent and used good systems. Most want to text or email me a PIN every time I login. Hell even the same company isn't consistent. For example Google has a really robust 2FA setup for your Google Account, but the only 2FA options Nest wants to give me are email or text :roll:

The main thing you have to understand before setting 2FA up is what happens if you don't have it available and need to get in? Some are easy (which defeats the purpose) and others leave you totally hosed.

I spent 2 weeks not having access to my email due to screwing up my phone. The first 2FA prompt is for it to send a popup notification to the phone, no phone. The second option I was using was Google Authenticator which is an app on the phone, so no dice there either. The final option they had was to text a code to me, ...

User avatar
5chn3ll
Six shots...or only five?
Posts: 4640
Joined: Fri Jan 05, 2018 4:35 pm

Re: DarkWeb Email warning

Post by 5chn3ll » Mon Jul 15, 2019 10:28 am

When you set up 2FA - like with Google - you'll always have the option to print out a set of backup codes. It's a stupid hassle, but it's better than having someone own your domains or DNS because your have shitty email security.

Tip: Every time you enroll a new service with Authenticator, scan the enrollment QR code with two devices at the same time. I have Authenticator on both my iPad and Android phone - if one of them dies or gets lost, Authenticator on the other still gives me access to everything.

Understeer: You will hit the wall with the front end.
Oversteer: You will hit the wall with the rear end.
Horsepower: How hard you will hit the wall.
Torque: How far you will move the wall.

Gone hunting with Alec Baldwin and Dick Cheney. Back soon.

Kalashnikov
OG (First 100 Outposters!)
Posts: 1020
Joined: Tue Jan 16, 2018 1:04 pm
Location: Phoenix, AZ

Re: DarkWeb Email warning

Post by Kalashnikov » Mon Jul 15, 2019 2:01 pm

Capital one instituted this warning last year. I had 6 hits on it, didn't bother me at all.

User avatar
Black-Out
NG (Second 100 Outposters!)
Posts: 107
Joined: Thu Mar 22, 2018 10:18 am

Re: DarkWeb Email warning

Post by Black-Out » Mon Sep 09, 2019 5:33 pm

32wildbilly wrote: Sun Jul 14, 2019 6:55 am So I get an email today from the credit monitoring service provided by one of my credit cards saying they found our email address on the darkweb. The email included a click here button. I did NOT use the click here in the email instead I went to my credit card website directly and entered the monitoring site. Sure enough found a warning that our email had been found on a darkweb site due to a hack of the MyFitness app back in Feb 2018. The note suggested changing the password for the email even though the warning said "password not exposed" and "You should reset the passwords for your email account along with the password for any other accounts associated with your email address."

I deleted the MyFitness app due to not using(cause I'm a fat-ass) and because of news of their hack. I cannot find my log in info for use of that app, but I know I put nothing personal in there and what I did put was fake information other than the email. At this point I can't even find the password I used for this app.

Does the warning mean any website that uses our email to reply to(such as billing websites, amazon, eBay, etc...) need to have those pass words changed?

Is the sky falling?



Just as a rule of thumb, if I come across an email I am unfamiliar with or feels like its fishy I will hold the pointer over the senders name in the email. This reveals the senders name and its just a quick check to help see if you're dealing with a legit company. For example I had an email show up in my box claiming I had an account about to be locked down with wells fargo. I have 1 account with them and it's a loan account so immediately I was skeptical knowing that I had no issues with my account standing. I held the pointer over the sender and the actual sender was not wells fargo (although that's what it said on the header) and I immediately googled the scam, sent a screen shot of the actual email and sent it to well fargo fraud prevention on their legit web site. Then I deleted the email, but not before sending them a short fuck you letter.......childish? sure, But it made me feel better....lol
William-
Current Ridez:
87' Dodge Conquest TSi
88' BMW 635CSi
89' Merkur XR4Ti
90' Mitsubishi 3000GT VR-4
95' BMW M3
99' BMW 328i Sedan
00' BMW 528i Sedan
00' Pontiac Fire Hawk Trans-Am
01' Audi S4 Twin Turbo
02' Porsche 911 Carrera
08' BMW 335i Coupe
10' Mercedes Benz E350 4-Matic AMG Sport

Post Reply