186

Experian, this less helpful than not knowing (lemmy.sdf.org)

submitted 1 month ago by lars@lemmy.sdf.org to c/assholedesign@lemmy.world

21 comments fedilink hide all child comments

all 22 comments

sorted by: hot top controversial new old

[-] Black616Angel@discuss.tchncs.de 31 points 1 month ago

Yeah, it's not too helpful, but maybe they have no more data. If you want to know more, go to https://haveibeenpwned.com/ and enter you e-mail. They maybe know, where your data came from.

Otherwise: Do you have a different and random password for each site? If yes, change your gmail password (in as it was gmail itself) and then watch the news, if a site you use was hacked. If you don't have different password for each site... Well then you are gonna have a fun day changing all you passwords to new ones. And use a password manager and a new random password for each site this time, please.

[-] ooterness@lemmy.world 21 points 1 month ago

These services are so useless. I have about a million years of free "monitoring" from all the data breeches. Whoever decided a year of useless false-alarms was an adequate remedy for a class-action settlement should be launched into the sun.

[-] Tikiporch@lemmy.world 4 points 1 month ago

Only a nerd would have more than one email address with the same domain.

[+] Forester@yiffit.net -35 points 1 month ago

Reset your email password. It's saying that your email is being sold

[-] wander1236@sh.itjust.works 55 points 1 month ago

No, it's just saying they found whatever the email is along with a password in some dark web database.

The dumb part is that they don't tell you any of the email address in the alert.

[-] osakapinata@lemmynsfw.com -1 points 1 month ago

Was that alert sent as an email?

[-] Susaga@sh.itjust.works 12 points 1 month ago

Why would they tell you your email in an email sent directly to you? No, scratch that. Why would they censor your email in an email sent directly to you?

[-] phdepressed@sh.itjust.works 3 points 1 month ago

They tell you an email because many people have more than one.

[-] lurch@sh.itjust.works 2 points 1 month ago

Maybe it's offensive 😆

[+] Forester@yiffit.net -19 points 1 month ago* (last edited 1 month ago)

And pray do tell if it's not being sold, why is it listed in some random data breach??

. I just said it in layman's terms. Op needs to reset his password cause someone is selling it.

[-] IphtashuFitz@lemmy.world 16 points 1 month ago

My email address is literally registered on dozens of websites. I use a different completely random password, generated by a password manager, on every one of those sites. How would I know which website and which password was compromised based on this message?

[-] takeheart@lemmy.world 1 points 1 month ago

Here's a neat trick that works with some providers: you can include a + sign and an extra string of characters and it will still be delivered to the same address. Example:

user083+some-online-shop@provider.net will receive the mail for user083@provider.net. So you can register with a different email address everywhere yet it all goes to the same account. If your account gets leaked or breached you'll know where it happened thanks to the extra information behind the +.

[-] IphtashuFitz@lemmy.world 4 points 1 month ago

Yeah I know about that trick. I’ve run into problems using that in the past because the + notation isn’t universally supported, and also some companies sell their customer lists to other companies. I forget the specific details because it happened years ago now, but I found one of my + addresses signed up to a mailing list I didn’t want to be on. The form used to unsubscribe from that list considered the + an invalid character, so I couldn’t unsubscribe. As I recall it took a week or so of emails to various contacts at that company to get me unsubscribed.

Besides, it wouldn’t help at all in this particular case. Look at the screenshot. It’s redacting everything in the email address before the @, so I still wouldn’t know which one they are referring to.

[-] takeheart@lemmy.world 1 points 1 month ago

Yeah, the redacting is weird. How did you even receive this? I thought it came via email itself so you would know but it's still redacted in case you're using aliases. Or perhaps they assume people have only a single account with any provider and thus could infer.

[-] IphtashuFitz@lemmy.world 2 points 1 month ago

I’ve had my identity stolen multiple times over the years and had everything from fraudulent tax returns filed to get refunds, to credit cards taken out in my name. I was one of the victims of the federal governments Office of Personnel Management data breach 10 years ago (think the HR department for the entire US Federal Government). That resulted in me getting what amounts to free ID/credit monitoring with a really good company for the rest of my life. They send me alerts similar to this one fairly often, and it’s also next to useless. My guess is it’s based on lists of usernames & passwords stolen from websites and offered for sale by scammers. It’s not uncommon for those types of lists to have been collected from multiple websites, and merged into one giant list since lots of people still use the same password everywhere. So there’s likely no way of knowing what website a given set of credentials came from.

As for the masking of the email address, seeing that different monitoring services are doing the same exact thing it makes me wonder if either these are all coming from the same third party service, or if there’s some sort of law/regulation that is requiring them to mask it…

[-] echodot@feddit.uk 1 points 1 month ago* (last edited 1 month ago)

But they hide everything before the @ so how does that help?

[-] takeheart@lemmy.world 1 points 1 month ago

You can narrow it down by length. Not perfect but it's a start. Unless the *****s are always the same length like in some password fields. Hard to tell from the message.

[-] echodot@feddit.uk 1 points 1 month ago* (last edited 1 month ago)

It's not a good method is it? It relies on others not being really stupid

Oh hay Lets just make they reacted paid rise same length render tone, since that is real really easy.

[-] zorro@lemmy.world 12 points 1 month ago

But what site does he need to reset?

[-] InquisitiveApathy@lemm.ee 4 points 1 month ago

They are not being informed that their actual email account is compromised. They are simply being told that their email address and an associated password was located in some csv file somewhere.

You use your email as an identifier/username by default for numerous services so without them specifying anything further this information isn't exceptionally meaningful. If you use the same password for your email provider as you do other services, then you've got bigger problems(Please don't do this)

[-] zaph@sh.itjust.works 1 points 1 month ago

It isn't though.

this post was submitted on 25 Apr 2024

186 points (97.9% liked)

AssholeDesign

6779 readers

4 users here now

This is a community for designs specifically crafted to make the experience worse for the user. This can be due to greed, apathy, laziness or just downright scumbaggery.

founded 11 months ago

MODERATORS

Buddahriffic@lemmy.world