Is “HaveIBeenPwned.com” legit?
Baroque Bloke
Pipe Smoker
posted
It was recommended in this Dailymail article which reports a massive exposure of SSNs:

https://mol.im/a/15591707



Serious about crackers.
 
Posts: 11302 | Location: San Diego | Registered: July 26, 2014
If you see me running
try to keep up
mrvmax
posted
Not sure if it is legit but if there is anyone who has never been part of a “security breach” you will eventually be part of one.
 
Posts: 5082 | Location: Friendswood Texas | Registered: August 24, 2007
Oriental Redneck
12131
posted
 
Posts: 30984 | Location: TEXAS | Registered: September 04, 2008
Optimistic Cynic
architect
posted
Any entity that maintains a database of compromised credentials has to be the most desirable target there can be for those who wish to profit from this information. I sure hope the maintainers of the site referenced in the OP are aware of this and have extremely strong measures in place to protect themselves and those they are trying to "help."

Additionally, I suspect the site is merely a front offering a "first one is free" come-on for expensive "in-depth services."
 
Posts: 7927 | Location: NoVA | Registered: July 22, 2009
Fighting the good fight
RogueJSK
posted
quote:
Originally posted by Pipe Smoker:
Is “HaveIBeenPwned.com” legit?


Yes, it's a well-known and legitimate security website.

quote:
Originally posted by architect:
Any entity that maintains a database of compromised credentials has to be the most desirable target there can be for those who wish to profit from this information. I sure hope the maintainers of the site referenced in the OP are aware of this and have extremely strong measures in place to protect themselves and those they are trying to "help."

Additionally, I suspect the site is merely a front offering a "first one is free" come-on for expensive "in-depth services."


Regarding the "keeping a database of compromised credentials is dangerous" argument, they get these lists by trolling the dark web and backchannel hacking forums/discords to find publicly available compromised credentials that have been published there, usually in large data dumps of millions/billions of credentials at a time.

They then sort through the data and notify the compromised folks of their inclusion as a public service.

So any info they'd have on hand is already previously compromised, and is already out there and available for bad guys to use.

Therefore someone hacking into them just to get the same publicly available info would be a lot more work for no additional gain, over simply getting it off the dark web or hacking forums/discords like any other bad actor would.

So that argument doesn't hold water.


And as for the "first one's free/they're trying to sell you something" argument, they don't ever charge for personal use, and don't sell services to users.

The only time they charge is for large domain owners and security researchers who want to run huge batches of automated queries through their data archive.

So zero charge ever for you and me searching one credential at a time. But a few hundred bucks a month to someone like Google or Microsoft who wants to run 10,000 searches a second through it.
 
Posts: 35208 | Location: Northwest Arkansas | Registered: January 06, 2008
Member
uvahawk
posted
Nice to know when your data has been compromised, and the company hacked has not bothered to share with those affected. For me that is the value of “HaveIBeenPwned.com”.
 
Posts: 397 | Location: Low Country, South Carolina | Registered: November 28, 2004
Member
posted
YES it is legitimate and referenced many times by legitimate security people and websites. God Bless :)


"Always legally conceal carry. At the right place and time, one person can make a positive difference."
 
Posts: 3219 | Location: Sector 001 | Registered: October 30, 2009
Baroque Bloke
Pipe Smoker
posted
^^^^^
Thanks Rogue. I just checked. The report says “Oh no — pwned!”
April 2021 via “LinkedIn”.

I deleted my LinkedIn account years ago, and saw no problems then (nor since), so I suspect that I’m safe. I’m damned sure that I didn’t provide my SSN or other critical info to LinkedIn.



Serious about crackers.
 
Posts: 11302 | Location: San Diego | Registered: July 26, 2014
A Grateful American
sigmonkey
posted
To see if your social security or any other information such as financial accounts, credit cards, PIN codes, passwords and more, have been compromised, please go to the following site and enter all that information and we will search the entire internet and let you know.

https://YGTBSHM!.com




"the meaning of life, is to give life meaning" Ani Yehudi אני יהודי Le'olam lo shuv לעולם לא עוד
 
Posts: 46420 | Location: Box 1663 Santa Fe, New Mexico | Registered: December 20, 2008
Shaman
ScreamingCockatoo
posted
quote:
Originally posted by Pipe Smoker:
It was recommended in this Dailymail article which reports a massive exposure of SSNs:

https://mol.im/a/15591707



I got the letter in the mail.
Only AFTER I've been dealing with hackers since December.
I had to lock down all of my accounts.

They are STILL trying to get into my e-mail and such.
ANNNNND because it was through work, they actually reset my work financial account and tried to have my check direct deposited.
(yes I have ALL of their information, even their address now.)

All this data mining company did was offer me FREE MONITORING!
So they're absolutely held UNACCOUNTABLE for my information.


Have I mentioned how much I hate people?





He who fights with monsters might take care lest he thereby become a monster.
 
Posts: 40417 | Location: Atop the cockatoo tree | Registered: July 27, 2002
Member
posted
With all the data breaches at credit reporting agencies and national healthcare providers/systems, one should assume that their SSAN, DOB and other statistics are "out there". Easy way to combat most of this is to keep your credit frozen with the 4 national credit reporting agencies, avoid common use or duplicate passwords, 2-3x authentication factors, etc. It can sometimes be a PIA, but it sure beats the alternative.
 
Posts: 5302 | Location: NH | Registered: April 20, 2010
Peace through
superior firepower
parabellum
posted
My only objection to that site is its stupid name.
 
Posts: 114165 | Registered: January 20, 2000
Shaman
ScreamingCockatoo
posted
These assholes used my SSN and CALLED the pay company to get my account changed.
I was in with financials when they actually changed my password and banking information right there in front of her.
Had her lock my account.
They actually had the pay company CALL to try and unlock the account.
Idiots left a traceable IP and banking information.
Bancorp Bank. And they're in Bronx New York.

Para isn't gonna let me DOX them here.





He who fights with monsters might take care lest he thereby become a monster.
 
Posts: 40417 | Location: Atop the cockatoo tree | Registered: July 27, 2002
Member
4MUL8R
posted
I find my Allstate identity protection service helpful, in place of my own feeble attempts to monitor. I was given this service as a corporate benefit, and keep it now in retirement.

I also practice password control with the Apple passwords app. Easy to change passwords and also create passkeys.


-------
Trying to simplify my life...
 
Posts: 6114 | Location: Commonwealth of Virginia | Registered: January 15, 2007
No More
Mr. Nice Guy
posted
quote:
Originally posted by ScreamingCockatoo:

Idiots left a traceable IP and banking information.


I hope you can get some criminal charges placed.

My father had a similar situation. The perp phoned Fidelity and pretended to be him. They had his info and convinced Fidelity to empty his brokerage account and send a physical check to a physical address. Even with the perp's voice on tape and a specific address, no law enforcement was interested in anything other than filing a report.
 
Posts: 11172 | Location: On the mountain off the grid | Registered: February 25, 2002
Shaman
ScreamingCockatoo
posted
quote:
Originally posted by 4MUL8R:
I find my Allstate identity protection service helpful, in place of my own feeble attempts to monitor. I was given this service as a corporate benefit, and keep it now in retirement.

I also practice password control with the Apple passwords app. Easy to change passwords and also create passkeys.



The company I work for gave me the Allstate plan with a fiduciary.





He who fights with monsters might take care lest he thereby become a monster.
 
Posts: 40417 | Location: Atop the cockatoo tree | Registered: July 27, 2002
Shaman
ScreamingCockatoo
posted
quote:
Originally posted by Fly-Sig:
quote:
Originally posted by ScreamingCockatoo:

Idiots left a traceable IP and banking information.


I hope you can get some criminal charges placed.

My father had a similar situation. The perp phoned Fidelity and pretended to be him. They had his info and convinced Fidelity to empty his brokerage account and send a physical check to a physical address. Even with the perp's voice on tape and a specific address, no law enforcement was interested in anything other than filing a report.



Oh I had to call Merrill immediately as soon as I got an alert that I was trying to change my password.
Had them lock all access online and I have to give a PIN to access at a branch. (BoA)

I gave all the information to the banks. I suspect they really don't care.





He who fights with monsters might take care lest he thereby become a monster.
 
Posts: 40417 | Location: Atop the cockatoo tree | Registered: July 27, 2002
אַרְיֵה
V-Tail
posted
quote:
Originally posted by ScreamingCockatoo:

Idiots left a traceable IP and banking information.
Bancorp Bank. And they're in Bronx New York.

Para isn't gonna let me DOX them here.





הרחפת שלי מלאה בצלופחים
 
Posts: 33404 | Location: Central Florida, Orlando area | Registered: January 03, 2010
© SIGforum 2026