Have I Been Pwned adds 284M accounts stolen by infostealer malware
-
Finally, a data breach that doesn't include me. Good to know I dodged it.
-
my email has been in several breaches, for example trillian chat that i have never even heard of, and some virtual keyboard i definitely have not installed.....should i suspect malware?
-
I found the stupid piece of malware that leaked my info.
TrojanDownloader:MSIL/FormBook.D!MTB
Installed alongside a pirated photo editing software back in 2021
-
I just always assume my info has been leaked and use randomly generated passwords and 2FA where possible as well as “not-real” security questions.
-
I've gotten a lot less spam calls since I started using the Google assist call screener. I get legitimate calls that hang up because my idiot ops guys can't listen to the recording and say what they need to when they call me direct instead of my office redirect line, but it also seems to chase off the spammers if they know their AI has to get through my AI to even have a chance at trying to scam me, since I'm a harder target than average.
-
Another thing that helps is to answer and immediately mute your line so the caller only hears an empty line. Spam dialers hang up and eventually mark the number as invalid, and most people who are real callers will prompt with a hello or something. I did that for a while before I got the Google call screen, which cut it down even more.
-
Mine just said it was found, but no domains were associated. So... Yea. I don't know what it has, and the inability to query it for more information sucks.
-
Just checked my emails and both were pwned. Bummer
-
I don't think that's guaranteed to be true.
A very old email of mine which I haven't used in many years was in the breach.
None of my other email addresses were in there, so it's highly unlikely that I was affected by this malware in the last decade.
That email has been in many other breaches however, so I wouldn't be surprised if somebody who had access to an old dump was infected.
My money's on some random skid who downloaded an old database dump and got infected when they downloaded some bad warez.Either that, or this includes credentials from people who had the malware 15+ years ago.
-
You're not alone. I'm on the list, but no domain data and I don't have the 'stealer log entries' available.
-
Its the opposite for me, first time I actually got caught in one.
-
Rent a domain
Set up email
Use a unique address for every websiteI usually pick the domain of the website as the username part.
So if, say, I have email set up on lemmy.cafe and want to sign up to flatearth.com - I'd probably use flatearth.com@lemmy.cafe for an email address. If they ever leak it - I'll be reveiving spam sent to this address.
In the six years of hosting my own email I've only had one such occurence when namecheap got breached. It was nice being able to tell where the culprit was!
-
Thanks, I finally found it. I was already subscribed and verified, but still couldn't find this anywhere. To get to it I had to:
- Signup again from the HIBP website
- Get the verification email telling me I was already verified
- Click through it
- Scroll to the VERY bottom of the page and find the stealer logs.
My natural question is of course how my credentials were stolen logging into gmail.com (yay 2-factor), but at least know I know that's where I need to change my password.
-
Then they must have tried your password and saved it to one of a specific number of places. Infostealers are by definition a class of malware, which means it's got to be installed somewhere with access to the directory storing the credential.
Or it was from an old computer, or mislabeled.
https://www.youtube.com/watch?v=L3f9do5mtT8
Here's a good talk on infostealers for anyone curious.
-
As another poster detailed, this is not a company that exposed your info: these credentials are all from stealer logs, which are logs of credentials stolen by keyloggers installed on machines. If your credentials were in this report, it means that you've entered that username and password on a machine with malware on it. Could be your personal machine, or it could be some other computer you've used.
-
That's true. My point was just that the important thing here is knowing personally which domains were affected so one can personally change those sets of credentials. If I don't know which of my credentials leaked then there's no value to me.
I was able to finally get access and did change the specific credential that had leaked (again, not assigning blame to any specific site here).
