Kdtyjb

Can a space-faring robot still function over a billion years?

What is this waxed root vegetable?

How do I deal with being jealous of my own players?

For a 1-action spell, do I need to take a turn to ready the spell before I can cast it, or can I cast it immediately?

Difference between 'stomach' and 'uterus'

Where is the line between being obedient and getting bullied by a boss?

How can I be pwned if I'm not registered on the compromised site?

Skis versus snow shoes - when to choose which for travelling the backcountry?

Book about a time-travel war fought by computers

Are paired adjectives bad style?

Can I become debt free or should I file for bankruptcy? How do I manage my debt and finances?

Roots of 6th chords on the guitar for different inversions/voicings

Do higher etale homotopy groups of spectrum of a field always vanish?

How to evaluate the limit where something is raised to a power of x?

Is there a full canon version of Tyrion's jackass/honeycomb joke?

Non-Italian European mafias in USA?

School performs periodic password audits. Is my password compromised?

Wrap all numerics in JSON with quotes

Toast materialize

Did Amazon pay $0 in taxes last year?

Citing contemporaneous (interlaced?) preprints

Starting index at zero

Why are special aircraft used for the carriers in the United States Navy?

What are all the squawk codes?

How can I be pwned if I'm not registered on the compromised site?

Is it safe to check password against the HIBP Pwned Passwords API during account registration?Search on email domains using the Have I Been Pwned API?Why is breach-detection site “Have I Been Pwned” considered safe?Email pwned versus password not pwned

59

7

I recently was emailed from HaveIBeenPwned.com (which I am signed up on) about the ShareThis website/tool (not signed up on).

I have no memory of signing up for that service.

When I go to recover the account (I might as well close/change password), I get this:

The two facts seem incongruous:

Either I had an account and it was pwned, or I didn't have an account (and thus HIBP is in error)?

How do I find out the true situation, and what is the most secutre course of action?

have-i-been-pwned breach

share|improve this question

edited 14 hours ago

Jasper

1032

asked yesterday

PureferretPureferret

1,22641414

• 
  
  
  

  
  6
  

  
  
  
  
  
  

  
  
  Just making sure I understand this correctly. What you are saying is that you are signed up on HaveIBeenPwned.com but not on the ShareThis website?
  
  – kasperd
  yesterday
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @kasperd yes, sorry if that is not clear from my question
  
  – Pureferret
  yesterday
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  On my first reading of the question I thought you meant you were not signed up on HaveIBeenPwned.com in which case the answer to your question would have been that somebody was forging emails from HaveIBeenPwned.com in what might have been a phishing scam. After reading the answer and reading the question again, I realized I probably misunderstood the question the first time around.
  
  – kasperd
  yesterday
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Just adding that I had the same issue with the "ShareThis" hack. That list might have that behavoir
  
  – Ole Albers
  20 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  @Pureferret depends on the kind of information aside from your email address that was included in that site's profile/settings. If you're not familiar with the site and can't even login using the email address reported, you're probably safe. This was just an extremely edge case that popped into my head.
  
  – TylerH
  11 hours ago
  

  
  
  
  

 | 
show 4 more comments

59

7

I recently was emailed from HaveIBeenPwned.com (which I am signed up on) about the ShareThis website/tool (not signed up on).

I have no memory of signing up for that service.

When I go to recover the account (I might as well close/change password), I get this:

The two facts seem incongruous:

Either I had an account and it was pwned, or I didn't have an account (and thus HIBP is in error)?

How do I find out the true situation, and what is the most secutre course of action?

have-i-been-pwned breach

share|improve this question

edited 14 hours ago

Jasper

1032

asked yesterday

PureferretPureferret

1,22641414

• 
  
  
  

  
  6
  

  
  
  
  
  
  

  
  
  Just making sure I understand this correctly. What you are saying is that you are signed up on HaveIBeenPwned.com but not on the ShareThis website?
  
  – kasperd
  yesterday
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @kasperd yes, sorry if that is not clear from my question
  
  – Pureferret
  yesterday
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  On my first reading of the question I thought you meant you were not signed up on HaveIBeenPwned.com in which case the answer to your question would have been that somebody was forging emails from HaveIBeenPwned.com in what might have been a phishing scam. After reading the answer and reading the question again, I realized I probably misunderstood the question the first time around.
  
  – kasperd
  yesterday
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Just adding that I had the same issue with the "ShareThis" hack. That list might have that behavoir
  
  – Ole Albers
  20 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  @Pureferret depends on the kind of information aside from your email address that was included in that site's profile/settings. If you're not familiar with the site and can't even login using the email address reported, you're probably safe. This was just an extremely edge case that popped into my head.
  
  – TylerH
  11 hours ago
  

  
  
  
  

 | 
show 4 more comments

I recently was emailed from HaveIBeenPwned.com (which I am signed up on) about the ShareThis website/tool (not signed up on).

I have no memory of signing up for that service.

When I go to recover the account (I might as well close/change password), I get this:

The two facts seem incongruous:

Either I had an account and it was pwned, or I didn't have an account (and thus HIBP is in error)?

How do I find out the true situation, and what is the most secutre course of action?

have-i-been-pwned breach

share|improve this question

edited 14 hours ago

Jasper

1032

asked yesterday

PureferretPureferret

1,22641414

share|improve this question

edited 14 hours ago

Jasper

1032

asked yesterday

PureferretPureferret

1,22641414

share|improve this question

edited 14 hours ago

Jasper

1032

asked yesterday

PureferretPureferret

1,22641414

edited 14 hours ago

Jasper

1032

edited 14 hours ago

Jasper

1032

asked yesterday

PureferretPureferret

1,22641414

asked yesterday

PureferretPureferret

1,22641414

2 Answers
2

active

oldest

votes

92

From the FAQ:

Why do I see my email address as breached on a service I never signed up to?

When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up. For a more comprehensive overview, see Why am I in a data breach for a site I never signed up to?

It's likely some services allow signing up without confirming an email address, or that accounts that haven't confirmed email addresses are still stored indefinitely but cannot be logged in to, or any number of similar issues.

share|improve this answer

answered yesterday

AndrolGenhaldAndrolGenhald

11.2k42837

• 
  
  
  

  
  51
  

  
  
  
  
  
  

  
  
  One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.
  
  – DrakaSAN
  yesterday
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  
  @Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.
  
  – bta
  yesterday
  

  
  
  
  


• 
  
  
  

  
  6
  

  
  
  
  
  
  

  
  
  @Pureferret This happens to me all the time. For some reason, some people keep registering accounts to various places with my primary email address. Sometimes I "forgot password" and lock them out, delete the accounts that way, or find contact information and tell them directly to stop using my email (within legal limits), usually I have to contact customer support for the service and demand that they disconnect my email from that account. There really needs to be some sort of public shaming for companies that do anything other than (re)send verification email to an unverified email.
  
  – mtraceur
  yesterday
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  
  @mckenzm Teach me your ways so that I can invoice or sue for unsolicited non-verification email too. We'll pincer maneuver them into no email, but that's probably for the best.
  
  – mtraceur
  yesterday
  

  
  
  
  


• 
  
  
  

  
  8
  

  
  
  
  
  
  

  
  
  @user33040: Well, those addresses are identical to GMail. As are na.me.sur.name@gmail.com, n.a.m.e.s.u.r.n.a.m.e@gmail.com, etc.
  
  – Dubu
  19 hours ago
  

  
  
  
  

 | 
show 6 more comments

60

Adding on to what AndrolGenhald said, they have deactivated all accounts associated with the breach so theres a good chance it won't show up regardless:

ShareThis has already deactivated the ShareThis accounts potentially associated with this incident, so if you created an account prior to January 2017, you may no longer be able to log in.

https://www.sharethis.com/data-privacy-incident/

share|improve this answer

edited yesterday

answered yesterday

hairydresdenhairydresden

63818

• 
  
  
  

  
  11
  

  
  
  
  
  
  

  
  
  Well spotted... Seems like an unusual approach?
  
  – Pureferret
  yesterday
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  
  @Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.
  
  – hairydresden
  yesterday
  
  
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  
  As soon as the system lets me, I'll put a bounty on this. It's not the generic answer to these (useful for dupes) but it was helpful in this case.
  
  – Pureferret
  19 hours ago
  

  
  
  
  


• 
  
  
  

  
  6
  

  
  
  
  
  
  

  
  
  On top of which, ShareThis might have expired the account after a period of inactivity anyway, regardless of a hack. A few months go I went through my passwords file to update some old insecure passwords on a bunch of unimportant sites and found that they had all expired my account for inactivity.
  
  – Paul Johnson
  15 hours ago
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f204701%2fhow-can-i-be-pwned-if-im-not-registered-on-the-compromised-site%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

92

From the FAQ:

Why do I see my email address as breached on a service I never signed up to?

When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up. For a more comprehensive overview, see Why am I in a data breach for a site I never signed up to?

It's likely some services allow signing up without confirming an email address, or that accounts that haven't confirmed email addresses are still stored indefinitely but cannot be logged in to, or any number of similar issues.

share|improve this answer

answered yesterday

AndrolGenhaldAndrolGenhald

11.2k42837

• 
  
  
  

  
  51
  

  
  
  
  
  
  

  
  
  One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.
  
  – DrakaSAN
  yesterday
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  
  @Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.
  
  – bta
  yesterday
  

  
  
  
  


• 
  
  
  

  
  6
  

  
  
  
  
  
  

  
  
  @Pureferret This happens to me all the time. For some reason, some people keep registering accounts to various places with my primary email address. Sometimes I "forgot password" and lock them out, delete the accounts that way, or find contact information and tell them directly to stop using my email (within legal limits), usually I have to contact customer support for the service and demand that they disconnect my email from that account. There really needs to be some sort of public shaming for companies that do anything other than (re)send verification email to an unverified email.
  
  – mtraceur
  yesterday
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  
  @mckenzm Teach me your ways so that I can invoice or sue for unsolicited non-verification email too. We'll pincer maneuver them into no email, but that's probably for the best.
  
  – mtraceur
  yesterday
  

  
  
  
  


• 
  
  
  

  
  8
  

  
  
  
  
  
  

  
  
  @user33040: Well, those addresses are identical to GMail. As are na.me.sur.name@gmail.com, n.a.m.e.s.u.r.n.a.m.e@gmail.com, etc.
  
  – Dubu
  19 hours ago
  

  
  
  
  

 | 
show 6 more comments

92

From the FAQ:

Why do I see my email address as breached on a service I never signed up to?

When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up. For a more comprehensive overview, see Why am I in a data breach for a site I never signed up to?

It's likely some services allow signing up without confirming an email address, or that accounts that haven't confirmed email addresses are still stored indefinitely but cannot be logged in to, or any number of similar issues.

share|improve this answer

answered yesterday

AndrolGenhaldAndrolGenhald

11.2k42837

• 
  
  
  

  
  51
  

  
  
  
  
  
  

  
  
  One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.
  
  – DrakaSAN
  yesterday
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  
  @Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.
  
  – bta
  yesterday
  

  
  
  
  


• 
  
  
  

  
  6
  

  
  
  
  
  
  

  
  
  @Pureferret This happens to me all the time. For some reason, some people keep registering accounts to various places with my primary email address. Sometimes I "forgot password" and lock them out, delete the accounts that way, or find contact information and tell them directly to stop using my email (within legal limits), usually I have to contact customer support for the service and demand that they disconnect my email from that account. There really needs to be some sort of public shaming for companies that do anything other than (re)send verification email to an unverified email.
  
  – mtraceur
  yesterday
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  
  @mckenzm Teach me your ways so that I can invoice or sue for unsolicited non-verification email too. We'll pincer maneuver them into no email, but that's probably for the best.
  
  – mtraceur
  yesterday
  

  
  
  
  


• 
  
  
  

  
  8
  

  
  
  
  
  
  

  
  
  @user33040: Well, those addresses are identical to GMail. As are na.me.sur.name@gmail.com, n.a.m.e.s.u.r.n.a.m.e@gmail.com, etc.
  
  – Dubu
  19 hours ago
  

  
  
  
  

 | 
show 6 more comments

From the FAQ:

Why do I see my email address as breached on a service I never signed up to?

When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up. For a more comprehensive overview, see Why am I in a data breach for a site I never signed up to?

It's likely some services allow signing up without confirming an email address, or that accounts that haven't confirmed email addresses are still stored indefinitely but cannot be logged in to, or any number of similar issues.

share|improve this answer

answered yesterday

AndrolGenhaldAndrolGenhald

11.2k42837

share|improve this answer

answered yesterday

AndrolGenhaldAndrolGenhald

11.2k42837

answered yesterday

AndrolGenhaldAndrolGenhald

11.2k42837

answered yesterday

AndrolGenhaldAndrolGenhald

11.2k42837

60

Adding on to what AndrolGenhald said, they have deactivated all accounts associated with the breach so theres a good chance it won't show up regardless:

ShareThis has already deactivated the ShareThis accounts potentially associated with this incident, so if you created an account prior to January 2017, you may no longer be able to log in.

https://www.sharethis.com/data-privacy-incident/

share|improve this answer

edited yesterday

answered yesterday

hairydresdenhairydresden

63818

• 
  
  
  

  
  11
  

  
  
  
  
  
  

  
  
  Well spotted... Seems like an unusual approach?
  
  – Pureferret
  yesterday
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  
  @Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.
  
  – hairydresden
  yesterday
  
  
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  
  As soon as the system lets me, I'll put a bounty on this. It's not the generic answer to these (useful for dupes) but it was helpful in this case.
  
  – Pureferret
  19 hours ago
  

  
  
  
  


• 
  
  
  

  
  6
  

  
  
  
  
  
  

  
  
  On top of which, ShareThis might have expired the account after a period of inactivity anyway, regardless of a hack. A few months go I went through my passwords file to update some old insecure passwords on a bunch of unimportant sites and found that they had all expired my account for inactivity.
  
  – Paul Johnson
  15 hours ago
  

  
  
  
  

add a comment | 

60

Adding on to what AndrolGenhald said, they have deactivated all accounts associated with the breach so theres a good chance it won't show up regardless:

ShareThis has already deactivated the ShareThis accounts potentially associated with this incident, so if you created an account prior to January 2017, you may no longer be able to log in.

https://www.sharethis.com/data-privacy-incident/

share|improve this answer

edited yesterday

answered yesterday

hairydresdenhairydresden

63818

• 
  
  
  

  
  11
  

  
  
  
  
  
  

  
  
  Well spotted... Seems like an unusual approach?
  
  – Pureferret
  yesterday
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  
  @Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.
  
  – hairydresden
  yesterday
  
  
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  
  As soon as the system lets me, I'll put a bounty on this. It's not the generic answer to these (useful for dupes) but it was helpful in this case.
  
  – Pureferret
  19 hours ago
  

  
  
  
  


• 
  
  
  

  
  6
  

  
  
  
  
  
  

  
  
  On top of which, ShareThis might have expired the account after a period of inactivity anyway, regardless of a hack. A few months go I went through my passwords file to update some old insecure passwords on a bunch of unimportant sites and found that they had all expired my account for inactivity.
  
  – Paul Johnson
  15 hours ago
  

  
  
  
  

add a comment | 

Adding on to what AndrolGenhald said, they have deactivated all accounts associated with the breach so theres a good chance it won't show up regardless:

ShareThis has already deactivated the ShareThis accounts potentially associated with this incident, so if you created an account prior to January 2017, you may no longer be able to log in.

https://www.sharethis.com/data-privacy-incident/

share|improve this answer

edited yesterday

answered yesterday

hairydresdenhairydresden

63818

share|improve this answer

edited yesterday

answered yesterday

hairydresdenhairydresden

63818

answered yesterday

hairydresdenhairydresden

63818

answered yesterday

hairydresdenhairydresden

63818