Why would they tell you your email in an email sent directly to you? No, scratch that. Why would they censor your email in an email sent directly to you?
My email address is literally registered on dozens of websites. I use a different completely random password, generated by a password manager, on every one of those sites. How would I know which website and which password was compromised based on this message?
Here’s a neat trick that works with some providers: you can include a + sign and an extra string of characters and it will still be delivered to the same address. Example:
user083+some-online-shop@provider.net will receive the mail for user083@provider.net. So you can register with a different email address everywhere yet it all goes to the same account. If your account gets leaked or breached you’ll know where it happened thanks to the extra information behind the +.
You can narrow it down by length. Not perfect but it’s a start. Unless the *****s are always the same length like in some password fields. Hard to tell from the message.
They are not being informed that their actual email account is compromised. They are simply being told that their email address and an associated password was located in some csv file somewhere.
You use your email as an identifier/username by default for numerous services so without them specifying anything further this information isn’t exceptionally meaningful. If you use the same password for your email provider as you do other services, then you’ve got bigger problems(Please don’t do this)
No, it’s just saying they found whatever the email is along with a password in some dark web database.
The dumb part is that they don’t tell you any of the email address in the alert.
Was that alert sent as an email?
Why would they tell you your email in an email sent directly to you? No, scratch that. Why would they censor your email in an email sent directly to you?
And pray do tell if it’s not being sold, why is it listed in some random data breach??
. I just said it in layman’s terms. Op needs to reset his password cause someone is selling it.
My email address is literally registered on dozens of websites. I use a different completely random password, generated by a password manager, on every one of those sites. How would I know which website and which password was compromised based on this message?
Here’s a neat trick that works with some providers: you can include a + sign and an extra string of characters and it will still be delivered to the same address. Example:
user083+some-online-shop@provider.netwill receive the mail foruser083@provider.net. So you can register with a different email address everywhere yet it all goes to the same account. If your account gets leaked or breached you’ll know where it happened thanks to the extra information behind the +.But they hide everything before the @ so how does that help?
You can narrow it down by length. Not perfect but it’s a start. Unless the *****s are always the same length like in some password fields. Hard to tell from the message.
It’s not a good method is it? It relies on others not being really stupid
Oh hay Lets just make they reacted paid rise same length render tone, since that is real really easy.
They are not being informed that their actual email account is compromised. They are simply being told that their email address and an associated password was located in some csv file somewhere.
You use your email as an identifier/username by default for numerous services so without them specifying anything further this information isn’t exceptionally meaningful. If you use the same password for your email provider as you do other services, then you’ve got bigger problems(Please don’t do this)