Have I Been Pwned adds 284M accounts stolen by infostealer malware
-
There has likely been an evolution of war dialers. It's probably easier to blast through every possible number once a year, and sell a list of every valid number. Targeting specific area codes is probably faster and would avoid some legal problems.
-
Huh. You think read receipts via RCS could make it worse? Obviously Google would probably have to make an exception to allow for this but hey "
Don't Be Evil" -
You could in the past (until around 1-2 years ago). I don’t know why it changed, though.
-
I have no idea, unfortunately. Tinkering with phones and ways to exploit messaging is something I haven't done in a number of years.
My first guess would be yes? If you ever get a blank email with only the subject line of "Hi", "Hello" or similar, it is simply a test to see if your email address is valid. It's not a stretch to assume there are also simple ways to verify valid numbers that can also recieve text messages.
-
This is a really dumb fix that I started using several months ago when I was getting 5 or 6 spam calls a day.
I would answer, and if they asked for my name or whoever lives at my address I would tell them they have the wrong number, I'm not them, I don't have a house, whatever. Anything to make them positively sure that the person they are looking for does not exist here. Within 1 week the calls dropped off significantly. Now, about 5 months later I get maybe one call per month.
-
I don't understand how to find out which specific sites had my data leaked. Without that I can't take any action.
I'm subscribed to email alerts but the alert did not include any details like the article said it would. -
Use the 'Notify me' option and verify your email address, and then it will show the expanded list of domains that were exposed from the malware:
-
The blog post regarding this "dump" suggests that it was actually from malware, so the answer to "Does that mean malware was once on your system?" is likely to be Yes.
https://www.troyhunt.com/processing-23-billion-rows-of-alien-txtbase-stealer-logs/ -
For stealerlogs yes, it means malware was on your system, and exfiltrated data, typically from your browsers.
-
Likely perhaps, but this email address hasn't been actively used by me in over a decade, which means either this dataset is extremely old, or the holders of the data had been compromised by malware when they were attempting to gain access to whatever website.
-
Finally, a data breach that doesn't include me. Good to know I dodged it.
-
my email has been in several breaches, for example trillian chat that i have never even heard of, and some virtual keyboard i definitely have not installed.....should i suspect malware?
-
I found the stupid piece of malware that leaked my info.
TrojanDownloader:MSIL/FormBook.D!MTB
Installed alongside a pirated photo editing software back in 2021
-
I just always assume my info has been leaked and use randomly generated passwords and 2FA where possible as well as “not-real” security questions.
-
I've gotten a lot less spam calls since I started using the Google assist call screener. I get legitimate calls that hang up because my idiot ops guys can't listen to the recording and say what they need to when they call me direct instead of my office redirect line, but it also seems to chase off the spammers if they know their AI has to get through my AI to even have a chance at trying to scam me, since I'm a harder target than average.
-
Another thing that helps is to answer and immediately mute your line so the caller only hears an empty line. Spam dialers hang up and eventually mark the number as invalid, and most people who are real callers will prompt with a hello or something. I did that for a while before I got the Google call screen, which cut it down even more.
-
Mine just said it was found, but no domains were associated. So... Yea. I don't know what it has, and the inability to query it for more information sucks.
-
Just checked my emails and both were pwned. Bummer
-
I don't think that's guaranteed to be true.
A very old email of mine which I haven't used in many years was in the breach.
None of my other email addresses were in there, so it's highly unlikely that I was affected by this malware in the last decade.
That email has been in many other breaches however, so I wouldn't be surprised if somebody who had access to an old dump was infected.
My money's on some random skid who downloaded an old database dump and got infected when they downloaded some bad warez.Either that, or this includes credentials from people who had the malware 15+ years ago.
-
You're not alone. I'm on the list, but no domain data and I don't have the 'stealer log entries' available.
