Email hacking

Name
John
#1
I read an article in Saturday's Times about the hacking of Emails. It provided a website where you input your Email address and it will search and tell you if you've suffered a breach of your data. It's free. Professor Alan Woodward, a cyber-security researcher at the University of Surrey says that younger people are more at risk as they have a tendency to overshare online and that you can assume that if your Email was leaked then the data stored with it was.

The website is called haveibeenpwned.com and is bona fide. It's run by Troy Hunt, an Australian web security expert and is used by the UK's National Cyber-security Centre.

Hopefully this will be live haveibeenpwned.com

Wiki features it https://en.wikipedia.org/wiki/Have_I_Been_Pwned?

I put in my Email address and got this answer.

'Breaches you were pwned in'

Adobe and Money Bookers. It states that a breached site is where data has been illegally accessed by hackers and then released publicly. Like most on here I use Adobe. I don't recall using Money Booker/Skrill. The only money transfers I've engaged in are on here re. equipment sales. I assume the buyers on here went through their own banks. I don't know.

It goes on.. The data can include Email address, passwords, credit card details.

It further states.

1. Adobe 2013. In 2013 153 million Adobe Accounts were breached with each containing an internal ID, Username, Email, encrypted password and a password hint in plain text. The password cryptography was poorly done and many quickly reverted to plain text. The unencrypted hints also disclosed much about the passwords adding further to the risk that hundreds of millions of Adobe customers faced.

2. Money Bookers. Sometime in 2009 the e-wallet service known as Money Bookers suffered a data breach which exposed almost 4.5 million customers. Now called Skrill, the breach was not discovered until October 2015 and included names, dates of birth, Email addresses, IP addresses, home addresses, names, phone numbers and physical addresses.

This is why I and my wife declined the invitation from the NHS (via my surgery) to allow them to place my medical history online. I well appreciate the advantages.. you fall ill somewhere away from home and your history is available to those treating you but as with other large organisations security breaches have occurred. https://www.telegraph.co.uk/news/he...edical-records-go-online-without-consent.html

For a start too many NHS/Health employees can access it which is very concerning. https://www.telegraph.co.uk/news/2017/03/17/security-breach-fears-26-million-nhs-patients/
 
#2
Don't give your emails to banks then. Most of their data breaches came from their offshore datacentres where staff could make a year's salary (still not that much) selling addresses to fraudsters.
 
#3
Not just banks, loads of companies ... Yahoo, Adobe, ABTA, Debenhams, Wonga, Sports Direct, TalkTalk, 3 etc, etc.
 
Name
Jak
#4
So what's the answer, don't give your @mail to anyone??
 
Name
Greg
#5
Well you can use separate email aliases and ideally entirely separate mail accounts for separate disciplines/levels of importance as you see fit.

That's what I do, in the event of a breach I can just purge that particular address and I know who's "responsible" for leaking the address.

Troy Hunt does good work, HIBP is great for raising awareness of data breaches outside of the infosec community. Recently he also updated Pwned Passwords which combined with k-Anonymity (used in his new API) has huge potential to help with password reuse/weak passwords - really cool.
 
#7
Slightly off topic, but related, I think that all government run 'companies' have someone selling the data they collect, either by fully disclosed knowledge or via the backdoor with someone making a few quid off of it.

My dad had an accident a few years back now, where my mum accidentally nudged him with the car and knocked him over, banging his head against the corner of the brick wall. She took him directly to hospital herself, booked him in, stayed with him and brought him home - within 10 minutes of him getting home, they had a phone call stating that they'd heard that he'd had this specific accident and would he like to prosecute the person responsible - fortunately he didn't ;)

But we were amazed that this had happened and it proved everything I'd ever thought, about data being given out to other companies probably paying for it.
 
Name
Richard
#8
Slightly off topic, but related, I think that all government run 'companies' have someone selling the data they collect, either by fully disclosed knowledge or via the backdoor with someone making a few quid off of it.

My dad had an accident a few years back now, where my mum accidentally nudged him with the car and knocked him over, banging his head against the corner of the brick wall. She took him directly to hospital herself, booked him in, stayed with him and brought him home - within 10 minutes of him getting home, they had a phone call stating that they'd heard that he'd had this specific accident and would he like to prosecute the person responsible - fortunately he didn't ;)

But we were amazed that this had happened and it proved everything I'd ever thought, about data being given out to other companies probably paying for it.

That’s too soon for it to be the hospital sharing I think. Don’t you think it’s more likely to be a staff member freelancing or even someone just hanging about picking up information about traffic accidents?
 
#9
I don't think that it was the hospital personally Richard, but the speed at which they got in contact, someone was definitely getting paid for passing info on. I was amazed, but not surprised.
 
Name
Richard
#11
Not really anything to do with giving your email address out.

It's about not using the same passwords for every online service you subscribe to so when one account gets compromised others aren't affected.
And about using a password manager so that you can keep track of all the different passwords etc.
 
Name
Paul
#12
As Neil says this is not email hacking, this is compromising websites we as people give our details to.
If a hacker steals details he/she/it can then attempt to use those details on other sites to leverage your data or gain access to your email.

For example bob.jones@bt.com also uses wanga-noodles.com and has the password bobbins123, that's his dog's name.

Some Russian dorito scoffing hacker steals all the data from wanga-noodles.com because their systems admin is a 4 year old knob-jockey.

That same Russian hacker then tries to login to Bob Jones' BT mail using that same password and voila it works.

Russian hacker now has control over that account.

He can now go to say amazon.com and do a password reset on bob.jones@bt.com and the email comes through on the BT account and Russian hacker intercepts it, changes Bob's Amazon password and gets up to all kinds of stuff.

Adds another address and orders a few expensive items on next day delivery.

and BOOM
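
Post #5 mentions Pwned Passwords and its k-Anonymity API, and the post above shows why a password that has turned up in one breach gets tried elsewhere. As an added example (not part of any post in this thread), this is how such a check works without the password or its full hash leaving your machine; the server here is an offline stand-in, and the corpus and counts are constructed.

```python
import hashlib

# Constructed breach corpus for the demo: password -> times seen (made-up counts).
CONSTRUCTED_CORPUS = {"bobbins123": 412, "password": 9000000, "letmein": 150000}

def split_hash(password):
    """SHA-1 the password; return (5-char prefix that is sent, 35-char suffix kept local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

class FakeRangeServer:
    """Offline stand-in for the range endpoint; records everything it is sent."""
    def __init__(self, corpus):
        self.seen = []
        self.rows = {}
        for pw, count in corpus.items():
            prefix, suffix = split_hash(pw)
            self.rows.setdefault(prefix, []).append((suffix, count))

    def fetch(self, prefix):
        self.seen.append(prefix)
        rows = list(self.rows.get(prefix, []))
        rows.append(("0" * 35, 0))  # constructed zero-count padding row
        # Same shape as the real service's reply: one "SUFFIX:COUNT" per line.
        return "\r\n".join(f"{s}:{c}" for s, c in rows)

def breach_count(password, fetch_range):
    """Times the password appears in the corpus; only the hash prefix is sent."""
    prefix, suffix = split_hash(password)
    for line in fetch_range(prefix).splitlines():
        row_suffix, _, count = line.partition(":")
        if row_suffix.strip().upper() == suffix and count.strip().isdigit():
            return int(count)  # a zero count is padding, i.e. not breached
    return 0

def demo():
    server = FakeRangeServer(CONSTRUCTED_CORPUS)
    results = {pw: breach_count(pw, server.fetch)
               for pw in ("bobbins123", "three-Unconnected!words7")}
    return results, server.seen

if __name__ == "__main__":
    results, seen = demo()
    print(results)
    print("server only ever saw:", seen)
```

Against the live service, `fetch_range` would be an HTTPS GET to `https://api.pwnedpasswords.com/range/<prefix>`; the matching of the suffix still happens locally.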
 
OP
JohnC6
Name
John
#13
Not really anything to do with giving your email address out.

It's about not using the same passwords for every online service you subscribe to so when one account gets compromised others aren't affected.

And about using a password manager so that you can keep track of all the different passwords etc.

A lot of informative replies. It's been a good thread. As mentioned, the proper term should have been, compromised rather than hacked.

I read that for data from companies, Amazon and Tesco were quoted, can be bought for little more than £5... Deliveroo.. £3.74. You'd think people would pay cash for food deliveries. What about people who give their debit card details to street chuggers raising funds for charities..? A tv consumer programme sent out a reporter doing just that and then advised those giving their details they were 'scammers'.. fraudsters...

So, as stated.. (Neil & Richard.. quoted).. different passwords and my own practice, i.e. caution about who gets the genuine information is the best we can do. You'd hope, by now, after all the publicity, that people don't use the same passwords or easily-guessed, compromised passwords. I get a prompt, 'Save password.. for this website'.. for instance on here I click 'Not now'.. I don't keep passwords on the computer but in a notebook and every website has a different one. One suggestion I read in that article was to choose three words, unconnected, and drop exclamation marks, question marks and numbers amongst the letters.

In some cases, obviously not your bank or the likes of Amazon where items are delivered, when I apply I input false details, e.g. date of birth, post code. If you want to listen, online, to the BBC you have to sign up. They want your post code and date of birth. They say the dob is so they have an idea of the age range of listeners for various programmes.. my answer is, in that case just bracket age groups.

I'll be setting up a new Email shortly and closing the current one. It will be severely restricted as to who gets it. I'm not even setting one up on my new iMac. The only online communication I get from my bank is to tell me that my monthly statement is available to read. I don't need that. Amazon need it. I'm not on Facebook nor Twitter nor what's app or whatever it's called etc. In my Inbox yesterday were 67 spam Emails.. about three days' worth, 'A lot's happened since you last logged into Facebook.. You have 4 messages, click here if you want to unsubscribe.. etc. etc. Hopefully a new Email will stop the vast majority. However, there's only so much you can do but making it harder to compromise data is more than a lot of people, seemingly, do.

Thanks for all the responses.
 
Name
Paul
#14
You're overthinking it here and having a panic.
just go round as many sites you can think of and do a change password and pick some tasty ones and if you want to write them down.

finally change your online email account one and make that very challenging and unique.
 
Name
Kev
#16
OP thanks for the link
As others have said set up different email accounts, I have separate ones for family/friends, banks, online shopping, insurance & other quotes, other sites where they require an email but you will never use them again - that is a gmail account which I just empty every couple of months without reading any of them.
 
OP
JohnC6
Name
John
#17
You're overthinking it here and having a panic.
just go round as many sites you can think of and do a change password and pick some tasty ones and if you want to write them down.

finally change your online email account one and make that very challenging and unique.

Thanks, Paul. I only login to this website and a steam loco forum now and then. There's a few, just a few more, I haven't posted on but visit now and then. I don't use those passwords anywhere else, certainly not for my banking, financials etc. I don't know if I can delete registrations but it doesn't matter really. I have no trust in online anything, it's why I don't have the passwords on my computer. My passwords for three I have to have.. the likes of Amazon and two financial ones are classed as 'good' or whatever term is used when you select one. My thinking is that 'what can happen, will happen'. It's not panicking, as such but a doom-laden view of the cyber world, we can't properly function outside it so it's a matter of doing all you can to avoid disaster and from what I hear on the radio and tv consumer programmes, beyond your best efforts, taking on board all security advice you can only live in hope you remain unscathed.
 
OP
JohnC6
Name
John
#18
OP thanks for the link
As others have said set up different email accounts, I have separate ones for family/friends, banks, online shopping, insurance & other quotes, other sites where they require an email but you will never use them again - that is a gmail account which I just empty every couple of months without reading any of them.

Thanks too, Kev. I have an iMac Email and thought that was the only one I could have with a Mac. I don't think I can set up a gmail account. In fact the old websites I used to post on have a yahoo Email address before I had a Mac and I closed it down due to someone who had me, along with many others on his computer, who had his mail hacked. I thought it was a bit daft Emailing all his contacts on a Bcc to tell them the mails purporting to be from him weren't.. I did receive some, so I saw the addresses of all his contacts as did all of them. All those stupid round-robins with all too often, stupid jokes.. a spammers' goldmine.

Taking on board what you've suggested I'll speak to my near neighbour who is very good with computers and also has a Mac, in fact thinking about it he told me one day that he has two Mac addresses.
 
Name
Richard
#20
Thanks too, Kev. I have an iMac Email and thought that was the only one I could have with a Mac. I don't think I can set up a gmail account. In fact the old websites I used to post on have a yahoo Email address before I had a Mac and I closed it down due to someone who had me, along with many others on his computer, who had his mail hacked. I thought it was a bit daft Emailing all his contacts on a Bcc to tell them the mails purporting to be from him weren't.. I did receive some, so I saw the addresses of all his contacts as did all of them. All those stupid round-robins with all too often, stupid jokes.. a spammers' goldmine.

Taking on board what you've suggested I'll speak to my near neighbour who is very good with computers and also has a Mac, in fact thinking about it he told me one day that he has two Mac addresses.

As already said, you can collect email from several accounts on your Mac or on an iPad or iPhone (and Windows PC and Android phones etc). They don’t have to be Apple/Mac/iCloud accounts/addresses, Gmail is probably the easiest/best if you are worried about spam as their filtering is very good.
 
OP
JohnC6
Name
John
#21
As already said, you can collect email from several accounts on your Mac or on an iPad or iPhone (and Windows PC and Android phones etc). They don’t have to be Apple/Mac/iCloud accounts/addresses, Gmail is probably the easiest/best if you are worried about spam as their filtering is very good.
OK..Cheers, Richard. I'll get on to that. My wife has Gmail on her computer.
 
Name
Richard
#22
OK..Cheers, Richard. I'll get on to that. My wife has Gmail on her computer.
You’ll find that all the settings for gmail are built into macs and iPhones etc, all you need is the account name and password.

Edit: typo.
 