Email has been exposed to data breach.

[Evellence]

Hello!

 

According to "haveibeenpwned" site my email has been breached 21 times, and recently there was a paste found, and yes there is my email with password there. I was using same password for every site, and that is how i got there. Learned my lession. I'm scared, and dont know what else to do.

 

Things i did so far

- Changed all passwords and enabled 2 step authenticator where is that possible. 

- Enabled 2FA for sites that support it 

- Deleted accounts from breached sites and requested that they delete my data from database

- Migrated important accounts to another email

- Contacted email support, and asked them to secure my account as much as possible.

 

Yes 21 pastes is a lot, should i just make new email and delete all data?  But deleting would be stupid i think. What should i do? I really need help with this 

 

---

EDIT: Added 2fa in things i did so far

 

Edited August 5, 2019 by Evellence

[Crunchy Dragon]

2FA will probably be enough to protect you from anybody trying to log into your account, especially if goes through your phone.

That's on top of changing your passwords.

 

I'd also make sure you have a good password and 2FA enabled on your other email. If you don't care about the breached email account, I'd say it's fine to nuke it.

[Mira Yurizaki]

10 minutes ago, Evellence said:

Yes 21 pastes is a lot, should i just make new email and delete all data?  But deleting would be stupid i think. What should i do? I really need help with this

If it were me, an email address that compromised warrants dumping it for any use.

[Spotty]

Looks like you've already followed the sensible steps. 

Consider that email account burned. Even after changing your passwords once your email ends up on those lists it often ends up on spam mailing lists as well. Don't use it any more. Set up a new email account with all different passwords.

 

It can be a good idea to create multiple email addresses. One for important things, sites you trust. Then have a separate email address (or multiple) for random sites that require you to sign up. That way if some random website you signed up to a few years ago and forgot you even had an account on gets breached it's less likely to compromise the email you use for online banking.

 

I would also suggest ensuring you use different passwords on different sites, that way if your account is compromised on one service the other services remain relatively unaffected.

 

2FA everything you can. Most popular sites support 2FA in one form or another. Did you know the Linus Tech tips forum also supports 2FA? You can enable it in the account settings.

 

Also expect to receive a bunch of "we have hacked your system and we know your password is "whatever" and we have hacked your webcam and filmed you pleasuring yourself. If you don't send us Bitcoin we will release the video to your friends and family" type email scams. Just ignore them, don't reply. Seems to be a rather common tactic scammers have been using with recent beaches. (And don't worry, they didn't actually record you. It's just a lie to scam you.)

[Evellence]

9 minutes ago, Spotty said:

Looks like you've already followed the sensible steps. 

Consider that email account burned. Even after changing your passwords once your email ends up on those lists it often ends up on spam mailing lists as well. Don't use it any more. Set up a new email account with all different passwords.

 

It can be a good idea to create multiple email addresses. One for important things, sites you trust. Then have a separate email address (or multiple) for random sites that require you to sign up. That way if some random website you signed up to a few years ago and forgot you even had an account on gets breached it's less likely to compromise the email you use for online banking.

 

I would also suggest ensuring you use different passwords on different sites, that way if your account is compromised on one service the other services remain relatively unaffected.

 

2FA everything you can. Most popular sites support 2FA in one form or another. Did you know the Linus Tech tips forum also supports 2FA? You can enable it in the account settings.

 

Also expect to receive a bunch of "we have hacked your system and we know your password is "whatever" and we have hacked your webcam and filmed you pleasuring yourself. If you don't send us Bitcoin we will release the video to your friends and family" type email scams. Just ignore them, don't reply. Seems to be a rather common tactic scammers have been using with recent beaches. (And don't worry, they didn't actually record you. It's just a lie to scam you.)

Yes, i enabled 2fa for most of the sites that support it. I'm already at process of making a new email and slowly migrating important accounts to that email. As for the spam, its true i am getting those "recorded you" emails like 2-5 a day. Alright, i will just burn it and just get another email

 

Thank you for your answer. I really appreciate it. 

[another_member]

4 hours ago, Evellence said:

haveibeenpwned

 

Just a question, 

 

Can haveibeenpwned be trusted?

[lloose]

6 minutes ago, Catchears said:

 

Just a question, 

 

Can haveibeenpwned be trusted?

With what? They don’t host anything, they just check known lists of compromised site to see if your email address shows up. 

[another_member]

Just now, lloose said:

With what? They don’t host anything, they just check known lists of compromised site to see if your email address shows up. 

As in, do they keep email adresses? I would assume not but I thought I'd ask.

[Bartholomew]

2 minutes ago, lloose said:

With what? They don’t host anything, they just check known lists of compromised site to see if your email address shows up. 

I think was meant to ask along the lines of:

 

Does using that also sign entered email up for 5000 spamlists  (like tge "unsubscribe" buttons in spam do )

 

id also like to know..

[lloose]

I’ve been checking it for years and never had an issue. Even on private email addresses which never get spam. 

[Bartholomew]

12 minutes ago, lloose said:

I’ve been checking it for years and never had an issue. Even on private email addresses which never get spam. 

Thanks for the info!

[another_member]

11 hours ago, lloose said:

I’ve been checking it for years and never had an issue. Even on private email addresses which never get spam. 

Thanks.