Hello - I have a few credit monitoring services who tell me most months that my email AND password have shown up on the dark web. I immediately change my password but then get another notice the next month that the password is on the dark web. I end up changing my password at least twice a month. How is this happening? I do not click on unknown or unsolicited links and always go to my saved links for financial transactions. Thanks for any insight.
Do they say what the password is at all? It might be telling you about passwords you have used 10 years ago.
2 Likes
Decent reporting services tell you from which site and which date the email address and password were compromised.
When I check mine, I often find the passwords were leaked years ago and I have already changed them.
1 Like
I agree with what’s been said above, but I also am concerned you have placed your trust in some site that is not worthy and it is somehow compromised. One solution is to use a password manager and to NEVER reuse a password, such that you do not know any password except the one for your password manager. An additional thing to do is to use a unique userID/email per site, though this is much more work, your password manager can assist. This way, it’s much harder to cross-co-ordinate for the bad guys, as they have a much more difficult time knowing what to attack with which credentials (in essence every credential is unique, so there is nothing to attack really.)
2 Likes
Thank you for your reply. The notifications I get just say found on the dark web. And the dates are often old. I tend to panic and create more work for myself!
Thank you for your reply. I do use a password manager. I will figure out how to set up the unique user ID/email. Thanks for the recommendation!
Thanks for your thoughts. Just that my email/password was found on the dark web, along with a date. I’m not going to panic anymore for old dates.
If you are an iPhone user, and use iCloud for your email, it will allow you to create disposable email addresses for this purpose. That way you do not expose your real email, and if you get spam from one specific email, you know exactly which site leaked your details either intentionally or unintentionally.
Of course you can delete the temporary email and remove the weak link completely.
2 Likes