Kdtyjb

Canadian citizen, on US no-fly list. What can I do in order to be allowed on flights which go through US airspace?

When an experienced monk meditates how much does their mind wander?

Why can't we make a perpetual motion machine by using a magnet to pull up a piece of metal, then letting it fall back down?

What are all the squawk codes?

How to mitigate "bandwagon attacking" from players?

If a set is open, does that imply that it has no boundary points?

Why is s'abonner reflexive?

Borrowing Characters

How do I deal with being jealous of my own players?

Make me a metasequence

What should one use the left pedal for on an upright?

Does Garmin Oregon 700 have Strava integration?

Did 5.25" floppies undergo a change in magnetic coating?

Erro: incompatible type for argument 1 of 'printf'

In iTunes 12 on macOS, how can I reset the skip count of a song?

What type of postprocessing gives the effect of people standing out

Plagiarism of code by other PhD student

VAT refund for a conference ticket in Sweden

Center single line(s) in align

Does an unattuned Frost Brand weapon still glow in freezing temperatures?

Graphing random points on the XY-plane

The need of reserving one's ability in job interviews

Non-Italian European mafias in USA?

What is a term for a function that when called repeatedly, has the same effect as calling once?

How can I be pwned if I'm not registered on the compromised site?

Is it safe to check password against the HIBP Pwned Passwords API during account registration?Search on email domains using the Have I Been Pwned API?Why is breach-detection site “Have I Been Pwned” considered safe?Email pwned versus password not pwned

55

6

I recently was emailed from HaveIBeenPwned.com (which I am signed up on) about the ShareThis website/tool (not signed up on).

I have no memory of signing up for that service.

When I go to recover the account (I might as well close/change password), I get this:

The two facts seem incongruous:

Either I had an account and it was pwned, or I didn't have an account (and thus HIBP is in error)?

How do I find out the true situation, and what is the most secutre course of action?

have-i-been-pwned breach

share|improve this question

edited 5 hours ago

Jasper

1032

asked yesterday

PureferretPureferret

1,20641414

• 
  
  
  

  
  5
  

  
  
  
  
  
  

  
  
  Just making sure I understand this correctly. What you are saying is that you are signed up on HaveIBeenPwned.com but not on the ShareThis website?
  
  – kasperd
  yesterday
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @kasperd yes, sorry if that is not clear from my question
  
  – Pureferret
  yesterday
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  On my first reading of the question I thought you meant you were not signed up on HaveIBeenPwned.com in which case the answer to your question would have been that somebody was forging emails from HaveIBeenPwned.com in what might have been a phishing scam. After reading the answer and reading the question again, I realized I probably misunderstood the question the first time around.
  
  – kasperd
  yesterday
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Just adding that I had the same issue with the "ShareThis" hack. That list might have that behavoir
  
  – Ole Albers
  11 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  @Pureferret depends on the kind of information aside from your email address that was included in that site's profile/settings. If you're not familiar with the site and can't even login using the email address reported, you're probably safe. This was just an extremely edge case that popped into my head.
  
  – TylerH
  2 hours ago
  

  
  
  
  

 | 
show 4 more comments

55

6

I recently was emailed from HaveIBeenPwned.com (which I am signed up on) about the ShareThis website/tool (not signed up on).

I have no memory of signing up for that service.

When I go to recover the account (I might as well close/change password), I get this:

The two facts seem incongruous:

Either I had an account and it was pwned, or I didn't have an account (and thus HIBP is in error)?

How do I find out the true situation, and what is the most secutre course of action?

have-i-been-pwned breach

share|improve this question

edited 5 hours ago

Jasper

1032

asked yesterday

PureferretPureferret

1,20641414

• 
  
  
  

  
  5
  

  
  
  
  
  
  

  
  
  Just making sure I understand this correctly. What you are saying is that you are signed up on HaveIBeenPwned.com but not on the ShareThis website?
  
  – kasperd
  yesterday
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @kasperd yes, sorry if that is not clear from my question
  
  – Pureferret
  yesterday
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  On my first reading of the question I thought you meant you were not signed up on HaveIBeenPwned.com in which case the answer to your question would have been that somebody was forging emails from HaveIBeenPwned.com in what might have been a phishing scam. After reading the answer and reading the question again, I realized I probably misunderstood the question the first time around.
  
  – kasperd
  yesterday
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Just adding that I had the same issue with the "ShareThis" hack. That list might have that behavoir
  
  – Ole Albers
  11 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  @Pureferret depends on the kind of information aside from your email address that was included in that site's profile/settings. If you're not familiar with the site and can't even login using the email address reported, you're probably safe. This was just an extremely edge case that popped into my head.
  
  – TylerH
  2 hours ago
  

  
  
  
  

 | 
show 4 more comments

I recently was emailed from HaveIBeenPwned.com (which I am signed up on) about the ShareThis website/tool (not signed up on).

I have no memory of signing up for that service.

When I go to recover the account (I might as well close/change password), I get this:

The two facts seem incongruous:

Either I had an account and it was pwned, or I didn't have an account (and thus HIBP is in error)?

How do I find out the true situation, and what is the most secutre course of action?

have-i-been-pwned breach

share|improve this question

edited 5 hours ago

Jasper

1032

asked yesterday

PureferretPureferret

1,20641414

share|improve this question

edited 5 hours ago

Jasper

1032

asked yesterday

PureferretPureferret

1,20641414

share|improve this question

edited 5 hours ago

Jasper

1032

asked yesterday

PureferretPureferret

1,20641414

edited 5 hours ago

Jasper

1032

edited 5 hours ago

Jasper

1032

asked yesterday

PureferretPureferret

1,20641414

asked yesterday

PureferretPureferret

1,20641414

2 Answers
2

active

oldest

votes

86

From the FAQ:

Why do I see my email address as breached on a service I never signed up to?

When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up. For a more comprehensive overview, see Why am I in a data breach for a site I never signed up to?

It's likely some services allow signing up without confirming an email address, or that accounts that haven't confirmed email addresses are still stored indefinitely but cannot be logged in to, or any number of similar issues.

share|improve this answer

answered yesterday

AndrolGenhaldAndrolGenhald

11.2k42837

• 
  
  
  

  
  43
  

  
  
  
  
  
  

  
  
  One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.
  
  – DrakaSAN
  yesterday
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  
  @Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.
  
  – bta
  yesterday
  

  
  
  
  


• 
  
  
  

  
  4
  

  
  
  
  
  
  

  
  
  @Pureferret This happens to me all the time. For some reason, some people keep registering accounts to various places with my primary email address. Sometimes I "forgot password" and lock them out, delete the accounts that way, or find contact information and tell them directly to stop using my email (within legal limits), usually I have to contact customer support for the service and demand that they disconnect my email from that account. There really needs to be some sort of public shaming for companies that do anything other than (re)send verification email to an unverified email.
  
  – mtraceur
  20 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  @mtraceur From what I have seen the lack of verification is not even the result of low skill developers, its an intentional business choice to reduce friction for signing up to a service.
  
  – Qwertie
  19 hours ago
  

  
  
  
  


• 
  
  
  

  
  5
  

  
  
  
  
  
  

  
  
  @user33040: Well, those addresses are identical to GMail. As are na.me.sur.name@gmail.com, n.a.m.e.s.u.r.n.a.m.e@gmail.com, etc.
  
  – Dubu
  10 hours ago
  

  
  
  
  

 | 
show 6 more comments

53

Adding on to what AndrolGenhald said, they have deactivated all accounts associated with the breach so theres a good chance it won't show up regardless:

ShareThis has already deactivated the ShareThis accounts potentially associated with this incident, so if you created an account prior to January 2017, you may no longer be able to log in.

https://www.sharethis.com/data-privacy-incident/

share|improve this answer

edited yesterday

answered yesterday

hairydresdenhairydresden

57818

• 
  
  
  

  
  9
  

  
  
  
  
  
  

  
  
  Well spotted... Seems like an unusual approach?
  
  – Pureferret
  yesterday
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  
  @Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.
  
  – hairydresden
  yesterday
  
  
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  
  As soon as the system lets me, I'll put a bounty on this. It's not the generic answer to these (useful for dupes) but it was helpful in this case.
  
  – Pureferret
  10 hours ago
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  
  On top of which, ShareThis might have expired the account after a period of inactivity anyway, regardless of a hack. A few months go I went through my passwords file to update some old insecure passwords on a bunch of unimportant sites and found that they had all expired my account for inactivity.
  
  – Paul Johnson
  6 hours ago
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f204701%2fhow-can-i-be-pwned-if-im-not-registered-on-the-compromised-site%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

86

From the FAQ:

Why do I see my email address as breached on a service I never signed up to?

When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up. For a more comprehensive overview, see Why am I in a data breach for a site I never signed up to?

It's likely some services allow signing up without confirming an email address, or that accounts that haven't confirmed email addresses are still stored indefinitely but cannot be logged in to, or any number of similar issues.

share|improve this answer

answered yesterday

AndrolGenhaldAndrolGenhald

11.2k42837

• 
  
  
  

  
  43
  

  
  
  
  
  
  

  
  
  One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.
  
  – DrakaSAN
  yesterday
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  
  @Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.
  
  – bta
  yesterday
  

  
  
  
  


• 
  
  
  

  
  4
  

  
  
  
  
  
  

  
  
  @Pureferret This happens to me all the time. For some reason, some people keep registering accounts to various places with my primary email address. Sometimes I "forgot password" and lock them out, delete the accounts that way, or find contact information and tell them directly to stop using my email (within legal limits), usually I have to contact customer support for the service and demand that they disconnect my email from that account. There really needs to be some sort of public shaming for companies that do anything other than (re)send verification email to an unverified email.
  
  – mtraceur
  20 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  @mtraceur From what I have seen the lack of verification is not even the result of low skill developers, its an intentional business choice to reduce friction for signing up to a service.
  
  – Qwertie
  19 hours ago
  

  
  
  
  


• 
  
  
  

  
  5
  

  
  
  
  
  
  

  
  
  @user33040: Well, those addresses are identical to GMail. As are na.me.sur.name@gmail.com, n.a.m.e.s.u.r.n.a.m.e@gmail.com, etc.
  
  – Dubu
  10 hours ago
  

  
  
  
  

 | 
show 6 more comments

86

From the FAQ:

Why do I see my email address as breached on a service I never signed up to?

When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up. For a more comprehensive overview, see Why am I in a data breach for a site I never signed up to?

It's likely some services allow signing up without confirming an email address, or that accounts that haven't confirmed email addresses are still stored indefinitely but cannot be logged in to, or any number of similar issues.

share|improve this answer

answered yesterday

AndrolGenhaldAndrolGenhald

11.2k42837

• 
  
  
  

  
  43
  

  
  
  
  
  
  

  
  
  One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.
  
  – DrakaSAN
  yesterday
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  
  @Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.
  
  – bta
  yesterday
  

  
  
  
  


• 
  
  
  

  
  4
  

  
  
  
  
  
  

  
  
  @Pureferret This happens to me all the time. For some reason, some people keep registering accounts to various places with my primary email address. Sometimes I "forgot password" and lock them out, delete the accounts that way, or find contact information and tell them directly to stop using my email (within legal limits), usually I have to contact customer support for the service and demand that they disconnect my email from that account. There really needs to be some sort of public shaming for companies that do anything other than (re)send verification email to an unverified email.
  
  – mtraceur
  20 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  @mtraceur From what I have seen the lack of verification is not even the result of low skill developers, its an intentional business choice to reduce friction for signing up to a service.
  
  – Qwertie
  19 hours ago
  

  
  
  
  


• 
  
  
  

  
  5
  

  
  
  
  
  
  

  
  
  @user33040: Well, those addresses are identical to GMail. As are na.me.sur.name@gmail.com, n.a.m.e.s.u.r.n.a.m.e@gmail.com, etc.
  
  – Dubu
  10 hours ago
  

  
  
  
  

 | 
show 6 more comments

From the FAQ:

Why do I see my email address as breached on a service I never signed up to?

When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up. For a more comprehensive overview, see Why am I in a data breach for a site I never signed up to?

It's likely some services allow signing up without confirming an email address, or that accounts that haven't confirmed email addresses are still stored indefinitely but cannot be logged in to, or any number of similar issues.

share|improve this answer

answered yesterday

AndrolGenhaldAndrolGenhald

11.2k42837

share|improve this answer

answered yesterday

AndrolGenhaldAndrolGenhald

11.2k42837

answered yesterday

AndrolGenhaldAndrolGenhald

11.2k42837

answered yesterday

AndrolGenhaldAndrolGenhald

11.2k42837

53

Adding on to what AndrolGenhald said, they have deactivated all accounts associated with the breach so theres a good chance it won't show up regardless:

ShareThis has already deactivated the ShareThis accounts potentially associated with this incident, so if you created an account prior to January 2017, you may no longer be able to log in.

https://www.sharethis.com/data-privacy-incident/

share|improve this answer

edited yesterday

answered yesterday

hairydresdenhairydresden

57818

• 
  
  
  

  
  9
  

  
  
  
  
  
  

  
  
  Well spotted... Seems like an unusual approach?
  
  – Pureferret
  yesterday
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  
  @Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.
  
  – hairydresden
  yesterday
  
  
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  
  As soon as the system lets me, I'll put a bounty on this. It's not the generic answer to these (useful for dupes) but it was helpful in this case.
  
  – Pureferret
  10 hours ago
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  
  On top of which, ShareThis might have expired the account after a period of inactivity anyway, regardless of a hack. A few months go I went through my passwords file to update some old insecure passwords on a bunch of unimportant sites and found that they had all expired my account for inactivity.
  
  – Paul Johnson
  6 hours ago
  

  
  
  
  

add a comment | 

53

Adding on to what AndrolGenhald said, they have deactivated all accounts associated with the breach so theres a good chance it won't show up regardless:

ShareThis has already deactivated the ShareThis accounts potentially associated with this incident, so if you created an account prior to January 2017, you may no longer be able to log in.

https://www.sharethis.com/data-privacy-incident/

share|improve this answer

edited yesterday

answered yesterday

hairydresdenhairydresden

57818

• 
  
  
  

  
  9
  

  
  
  
  
  
  

  
  
  Well spotted... Seems like an unusual approach?
  
  – Pureferret
  yesterday
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  
  @Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.
  
  – hairydresden
  yesterday
  
  
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  
  As soon as the system lets me, I'll put a bounty on this. It's not the generic answer to these (useful for dupes) but it was helpful in this case.
  
  – Pureferret
  10 hours ago
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  
  On top of which, ShareThis might have expired the account after a period of inactivity anyway, regardless of a hack. A few months go I went through my passwords file to update some old insecure passwords on a bunch of unimportant sites and found that they had all expired my account for inactivity.
  
  – Paul Johnson
  6 hours ago
  

  
  
  
  

add a comment | 

Adding on to what AndrolGenhald said, they have deactivated all accounts associated with the breach so theres a good chance it won't show up regardless:

ShareThis has already deactivated the ShareThis accounts potentially associated with this incident, so if you created an account prior to January 2017, you may no longer be able to log in.

https://www.sharethis.com/data-privacy-incident/

share|improve this answer

edited yesterday

answered yesterday

hairydresdenhairydresden

57818

share|improve this answer

edited yesterday

answered yesterday

hairydresdenhairydresden

57818

answered yesterday

hairydresdenhairydresden

57818

answered yesterday

hairydresdenhairydresden

57818