Privacy Guides

17335 readers

243 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.

You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...

Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!

This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.

Moderation Rules:

We prefer posting about open-source software whenever possible.
This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
No soliciting engagement: Don't ask for upvotes, follows, etc.
Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
Be civil, no violence, hate speech. Assume people here are posting in good faith.
Don't repost topics which have already been covered here.
News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
No misinformation: Extraordinary claims must be matched with evidence.
Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 2 years ago

MODERATORS

[email protected]

I don't know what to do with this information (lemmy.world)

submitted 2 weeks ago by [email protected] to c/[email protected]

6 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 33 points 2 weeks ago (2 children)

Yep, thats the blogpost from the owner of haveibeenpwnd regarding the email OP received.

OP, it seems like you have or had malware on one or more of your devices that has been logging all of your credentials to any services you signed into on the infected devices with the email address provided in the screenshot you shared.

we're talking about the logs created by malware running on infected machines. You know that game cheat you downloaded? Or that crack for the pirated software product? Or the video of your colleague doing something that sounded crazy but you thought you'd better download and run that executable program showing it just to be sure? That's just a few different ways you end up with malware on your machine that then watches what you're doing and logs it.

These logs all came from the same person and each time the poor bloke visited a website and logged in, the malware snared the URL, his email address and his password.

I would suggest running a malware scan on devices you use to log in with that email.

On a secure device, you should change the passwords for each service that you use that email with.

If 2FA is already enabled on any of these accounts, then it should be safe and I would ensure the device is not infected before changing the passwords or else the passwords will be stolen again when you sign in on the infected device.

It is likely any other accounts that were signed into on the infected device have had their credentials stolen too, you may not have those email addresses set up to receive this notification. Also you should notify anyone else who has used the infected device that their credentials were likely stolen too.

You can check if other emails have been comprised using https://haveibeenpwned.com/ and you can also check if passwords have been comprised there too.

[–] [email protected] 8 points 2 weeks ago

To add to this, here's what I would do personally:

For disinfecting devices, it's a process:

Isolate the device, remove network cards if possible.
Try to find out what kind of malware it is? Is it isolated to the OS? If it's infecting device firmware I'd just replace the whole device, otherwise move to next step.
Copy essential data onto a removeable drive (USB)
Wipe the drive and re-install the OS fresh.
Full content malware scan of all files on the USB.
Copy files back onto fresh OS.

Some additional things to do:

Change relevant credentials.
Enable Multi-Factor Authentication (MFA) wherever offered.
If you're in the US and believe that financial info was compromised (SSN, bank passwords, etc.), freeze your credit and file 1 year fraud alerts with all major consumer reporting companies (Equifax, Transunion, Experian, etc.). This is free and quick as required by law.

[–] [email protected] 4 points 2 weeks ago* (last edited 2 weeks ago)

Very thorough explanation!
I'll add a basic info for @[email protected]: every service MUST have a different password (password manager almost mandatory with a VERY strong password and 2FA). If you're paranoid like me ( 🙈 ) use a different email alias for each service (SimpleLogin)