How can I be pwned if I'm not registered on the compromised site?Is it safe to check password against the...
Can a space-faring robot still function over a billion years?
What is this waxed root vegetable?
How do I deal with being jealous of my own players?
For a 1-action spell, do I need to take a turn to ready the spell before I can cast it, or can I cast it immediately?
Difference between 'stomach' and 'uterus'
Where is the line between being obedient and getting bullied by a boss?
How can I be pwned if I'm not registered on the compromised site?
Skis versus snow shoes - when to choose which for travelling the backcountry?
Book about a time-travel war fought by computers
Are paired adjectives bad style?
Can I become debt free or should I file for bankruptcy? How do I manage my debt and finances?
Roots of 6th chords on the guitar for different inversions/voicings
Do higher etale homotopy groups of spectrum of a field always vanish?
How to evaluate the limit where something is raised to a power of x?
Is there a full canon version of Tyrion's jackass/honeycomb joke?
Non-Italian European mafias in USA?
School performs periodic password audits. Is my password compromised?
Wrap all numerics in JSON with quotes
Toast materialize
Did Amazon pay $0 in taxes last year?
Citing contemporaneous (interlaced?) preprints
Starting index at zero
Why are special aircraft used for the carriers in the United States Navy?
What are all the squawk codes?
How can I be pwned if I'm not registered on the compromised site?
Is it safe to check password against the HIBP Pwned Passwords API during account registration?Search on email domains using the Have I Been Pwned API?Why is breach-detection site “Have I Been Pwned” considered safe?Email pwned versus password not pwned
I recently was emailed from HaveIBeenPwned.com (which I am signed up on) about the ShareThis website/tool (not signed up on).
I have no memory of signing up for that service.
When I go to recover the account (I might as well close/change password), I get this:
The two facts seem incongruous:
Either I had an account and it was pwned, or I didn't have an account (and thus HIBP is in error)?
How do I find out the true situation, and what is the most secutre course of action?
have-i-been-pwned breach
|
show 4 more comments
I recently was emailed from HaveIBeenPwned.com (which I am signed up on) about the ShareThis website/tool (not signed up on).
I have no memory of signing up for that service.
When I go to recover the account (I might as well close/change password), I get this:
The two facts seem incongruous:
Either I had an account and it was pwned, or I didn't have an account (and thus HIBP is in error)?
How do I find out the true situation, and what is the most secutre course of action?
have-i-been-pwned breach
6
Just making sure I understand this correctly. What you are saying is that you are signed up on HaveIBeenPwned.com but not on the ShareThis website?
– kasperd
yesterday
@kasperd yes, sorry if that is not clear from my question
– Pureferret
yesterday
1
On my first reading of the question I thought you meant you were not signed up on HaveIBeenPwned.com in which case the answer to your question would have been that somebody was forging emails from HaveIBeenPwned.com in what might have been a phishing scam. After reading the answer and reading the question again, I realized I probably misunderstood the question the first time around.
– kasperd
yesterday
1
Just adding that I had the same issue with the "ShareThis" hack. That list might have that behavoir
– Ole Albers
20 hours ago
1
@Pureferret depends on the kind of information aside from your email address that was included in that site's profile/settings. If you're not familiar with the site and can't even login using the email address reported, you're probably safe. This was just an extremely edge case that popped into my head.
– TylerH
11 hours ago
|
show 4 more comments
I recently was emailed from HaveIBeenPwned.com (which I am signed up on) about the ShareThis website/tool (not signed up on).
I have no memory of signing up for that service.
When I go to recover the account (I might as well close/change password), I get this:
The two facts seem incongruous:
Either I had an account and it was pwned, or I didn't have an account (and thus HIBP is in error)?
How do I find out the true situation, and what is the most secutre course of action?
have-i-been-pwned breach
I recently was emailed from HaveIBeenPwned.com (which I am signed up on) about the ShareThis website/tool (not signed up on).
I have no memory of signing up for that service.
When I go to recover the account (I might as well close/change password), I get this:
The two facts seem incongruous:
Either I had an account and it was pwned, or I didn't have an account (and thus HIBP is in error)?
How do I find out the true situation, and what is the most secutre course of action?
have-i-been-pwned breach
have-i-been-pwned breach
edited 14 hours ago
Jasper
1032
1032
asked yesterday
PureferretPureferret
1,22641414
1,22641414
6
Just making sure I understand this correctly. What you are saying is that you are signed up on HaveIBeenPwned.com but not on the ShareThis website?
– kasperd
yesterday
@kasperd yes, sorry if that is not clear from my question
– Pureferret
yesterday
1
On my first reading of the question I thought you meant you were not signed up on HaveIBeenPwned.com in which case the answer to your question would have been that somebody was forging emails from HaveIBeenPwned.com in what might have been a phishing scam. After reading the answer and reading the question again, I realized I probably misunderstood the question the first time around.
– kasperd
yesterday
1
Just adding that I had the same issue with the "ShareThis" hack. That list might have that behavoir
– Ole Albers
20 hours ago
1
@Pureferret depends on the kind of information aside from your email address that was included in that site's profile/settings. If you're not familiar with the site and can't even login using the email address reported, you're probably safe. This was just an extremely edge case that popped into my head.
– TylerH
11 hours ago
|
show 4 more comments
6
Just making sure I understand this correctly. What you are saying is that you are signed up on HaveIBeenPwned.com but not on the ShareThis website?
– kasperd
yesterday
@kasperd yes, sorry if that is not clear from my question
– Pureferret
yesterday
1
On my first reading of the question I thought you meant you were not signed up on HaveIBeenPwned.com in which case the answer to your question would have been that somebody was forging emails from HaveIBeenPwned.com in what might have been a phishing scam. After reading the answer and reading the question again, I realized I probably misunderstood the question the first time around.
– kasperd
yesterday
1
Just adding that I had the same issue with the "ShareThis" hack. That list might have that behavoir
– Ole Albers
20 hours ago
1
@Pureferret depends on the kind of information aside from your email address that was included in that site's profile/settings. If you're not familiar with the site and can't even login using the email address reported, you're probably safe. This was just an extremely edge case that popped into my head.
– TylerH
11 hours ago
6
6
Just making sure I understand this correctly. What you are saying is that you are signed up on HaveIBeenPwned.com but not on the ShareThis website?
– kasperd
yesterday
Just making sure I understand this correctly. What you are saying is that you are signed up on HaveIBeenPwned.com but not on the ShareThis website?
– kasperd
yesterday
@kasperd yes, sorry if that is not clear from my question
– Pureferret
yesterday
@kasperd yes, sorry if that is not clear from my question
– Pureferret
yesterday
1
1
On my first reading of the question I thought you meant you were not signed up on HaveIBeenPwned.com in which case the answer to your question would have been that somebody was forging emails from HaveIBeenPwned.com in what might have been a phishing scam. After reading the answer and reading the question again, I realized I probably misunderstood the question the first time around.
– kasperd
yesterday
On my first reading of the question I thought you meant you were not signed up on HaveIBeenPwned.com in which case the answer to your question would have been that somebody was forging emails from HaveIBeenPwned.com in what might have been a phishing scam. After reading the answer and reading the question again, I realized I probably misunderstood the question the first time around.
– kasperd
yesterday
1
1
Just adding that I had the same issue with the "ShareThis" hack. That list might have that behavoir
– Ole Albers
20 hours ago
Just adding that I had the same issue with the "ShareThis" hack. That list might have that behavoir
– Ole Albers
20 hours ago
1
1
@Pureferret depends on the kind of information aside from your email address that was included in that site's profile/settings. If you're not familiar with the site and can't even login using the email address reported, you're probably safe. This was just an extremely edge case that popped into my head.
– TylerH
11 hours ago
@Pureferret depends on the kind of information aside from your email address that was included in that site's profile/settings. If you're not familiar with the site and can't even login using the email address reported, you're probably safe. This was just an extremely edge case that popped into my head.
– TylerH
11 hours ago
|
show 4 more comments
2 Answers
2
active
oldest
votes
From the FAQ:
Why do I see my email address as breached on a service I never signed up to?
When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up. For a more comprehensive overview, see Why am I in a data breach for a site I never signed up to?
It's likely some services allow signing up without confirming an email address, or that accounts that haven't confirmed email addresses are still stored indefinitely but cannot be logged in to, or any number of similar issues.
51
One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.
– DrakaSAN
yesterday
3
@Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.
– bta
yesterday
6
@Pureferret This happens to me all the time. For some reason, some people keep registering accounts to various places with my primary email address. Sometimes I "forgot password" and lock them out, delete the accounts that way, or find contact information and tell them directly to stop using my email (within legal limits), usually I have to contact customer support for the service and demand that they disconnect my email from that account. There really needs to be some sort of public shaming for companies that do anything other than (re)send verification email to an unverified email.
– mtraceur
yesterday
2
@mckenzm Teach me your ways so that I can invoice or sue for unsolicited non-verification email too. We'll pincer maneuver them into no email, but that's probably for the best.
– mtraceur
yesterday
8
@user33040: Well, those addresses are identical to GMail. As are na.me.sur.name@gmail.com, n.a.m.e.s.u.r.n.a.m.e@gmail.com, etc.
– Dubu
19 hours ago
|
show 6 more comments
Adding on to what AndrolGenhald said, they have deactivated all accounts associated with the breach so theres a good chance it won't show up regardless:
ShareThis has already deactivated the ShareThis accounts potentially associated with this incident, so if you created an account prior to January 2017, you may no longer be able to log in.
https://www.sharethis.com/data-privacy-incident/
11
Well spotted... Seems like an unusual approach?
– Pureferret
yesterday
3
@Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.
– hairydresden
yesterday
3
As soon as the system lets me, I'll put a bounty on this. It's not the generic answer to these (useful for dupes) but it was helpful in this case.
– Pureferret
19 hours ago
6
On top of which, ShareThis might have expired the account after a period of inactivity anyway, regardless of a hack. A few months go I went through my passwords file to update some old insecure passwords on a bunch of unimportant sites and found that they had all expired my account for inactivity.
– Paul Johnson
15 hours ago
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f204701%2fhow-can-i-be-pwned-if-im-not-registered-on-the-compromised-site%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
From the FAQ:
Why do I see my email address as breached on a service I never signed up to?
When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up. For a more comprehensive overview, see Why am I in a data breach for a site I never signed up to?
It's likely some services allow signing up without confirming an email address, or that accounts that haven't confirmed email addresses are still stored indefinitely but cannot be logged in to, or any number of similar issues.
51
One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.
– DrakaSAN
yesterday
3
@Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.
– bta
yesterday
6
@Pureferret This happens to me all the time. For some reason, some people keep registering accounts to various places with my primary email address. Sometimes I "forgot password" and lock them out, delete the accounts that way, or find contact information and tell them directly to stop using my email (within legal limits), usually I have to contact customer support for the service and demand that they disconnect my email from that account. There really needs to be some sort of public shaming for companies that do anything other than (re)send verification email to an unverified email.
– mtraceur
yesterday
2
@mckenzm Teach me your ways so that I can invoice or sue for unsolicited non-verification email too. We'll pincer maneuver them into no email, but that's probably for the best.
– mtraceur
yesterday
8
@user33040: Well, those addresses are identical to GMail. As are na.me.sur.name@gmail.com, n.a.m.e.s.u.r.n.a.m.e@gmail.com, etc.
– Dubu
19 hours ago
|
show 6 more comments
From the FAQ:
Why do I see my email address as breached on a service I never signed up to?
When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up. For a more comprehensive overview, see Why am I in a data breach for a site I never signed up to?
It's likely some services allow signing up without confirming an email address, or that accounts that haven't confirmed email addresses are still stored indefinitely but cannot be logged in to, or any number of similar issues.
51
One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.
– DrakaSAN
yesterday
3
@Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.
– bta
yesterday
6
@Pureferret This happens to me all the time. For some reason, some people keep registering accounts to various places with my primary email address. Sometimes I "forgot password" and lock them out, delete the accounts that way, or find contact information and tell them directly to stop using my email (within legal limits), usually I have to contact customer support for the service and demand that they disconnect my email from that account. There really needs to be some sort of public shaming for companies that do anything other than (re)send verification email to an unverified email.
– mtraceur
yesterday
2
@mckenzm Teach me your ways so that I can invoice or sue for unsolicited non-verification email too. We'll pincer maneuver them into no email, but that's probably for the best.
– mtraceur
yesterday
8
@user33040: Well, those addresses are identical to GMail. As are na.me.sur.name@gmail.com, n.a.m.e.s.u.r.n.a.m.e@gmail.com, etc.
– Dubu
19 hours ago
|
show 6 more comments
From the FAQ:
Why do I see my email address as breached on a service I never signed up to?
When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up. For a more comprehensive overview, see Why am I in a data breach for a site I never signed up to?
It's likely some services allow signing up without confirming an email address, or that accounts that haven't confirmed email addresses are still stored indefinitely but cannot be logged in to, or any number of similar issues.
From the FAQ:
Why do I see my email address as breached on a service I never signed up to?
When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up. For a more comprehensive overview, see Why am I in a data breach for a site I never signed up to?
It's likely some services allow signing up without confirming an email address, or that accounts that haven't confirmed email addresses are still stored indefinitely but cannot be logged in to, or any number of similar issues.
answered yesterday
AndrolGenhaldAndrolGenhald
11.2k42837
11.2k42837
51
One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.
– DrakaSAN
yesterday
3
@Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.
– bta
yesterday
6
@Pureferret This happens to me all the time. For some reason, some people keep registering accounts to various places with my primary email address. Sometimes I "forgot password" and lock them out, delete the accounts that way, or find contact information and tell them directly to stop using my email (within legal limits), usually I have to contact customer support for the service and demand that they disconnect my email from that account. There really needs to be some sort of public shaming for companies that do anything other than (re)send verification email to an unverified email.
– mtraceur
yesterday
2
@mckenzm Teach me your ways so that I can invoice or sue for unsolicited non-verification email too. We'll pincer maneuver them into no email, but that's probably for the best.
– mtraceur
yesterday
8
@user33040: Well, those addresses are identical to GMail. As are na.me.sur.name@gmail.com, n.a.m.e.s.u.r.n.a.m.e@gmail.com, etc.
– Dubu
19 hours ago
|
show 6 more comments
51
One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.
– DrakaSAN
yesterday
3
@Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.
– bta
yesterday
6
@Pureferret This happens to me all the time. For some reason, some people keep registering accounts to various places with my primary email address. Sometimes I "forgot password" and lock them out, delete the accounts that way, or find contact information and tell them directly to stop using my email (within legal limits), usually I have to contact customer support for the service and demand that they disconnect my email from that account. There really needs to be some sort of public shaming for companies that do anything other than (re)send verification email to an unverified email.
– mtraceur
yesterday
2
@mckenzm Teach me your ways so that I can invoice or sue for unsolicited non-verification email too. We'll pincer maneuver them into no email, but that's probably for the best.
– mtraceur
yesterday
8
@user33040: Well, those addresses are identical to GMail. As are na.me.sur.name@gmail.com, n.a.m.e.s.u.r.n.a.m.e@gmail.com, etc.
– Dubu
19 hours ago
51
51
One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.
– DrakaSAN
yesterday
One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.
– DrakaSAN
yesterday
3
3
@Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.
– bta
yesterday
@Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.
– bta
yesterday
6
6
@Pureferret This happens to me all the time. For some reason, some people keep registering accounts to various places with my primary email address. Sometimes I "forgot password" and lock them out, delete the accounts that way, or find contact information and tell them directly to stop using my email (within legal limits), usually I have to contact customer support for the service and demand that they disconnect my email from that account. There really needs to be some sort of public shaming for companies that do anything other than (re)send verification email to an unverified email.
– mtraceur
yesterday
@Pureferret This happens to me all the time. For some reason, some people keep registering accounts to various places with my primary email address. Sometimes I "forgot password" and lock them out, delete the accounts that way, or find contact information and tell them directly to stop using my email (within legal limits), usually I have to contact customer support for the service and demand that they disconnect my email from that account. There really needs to be some sort of public shaming for companies that do anything other than (re)send verification email to an unverified email.
– mtraceur
yesterday
2
2
@mckenzm Teach me your ways so that I can invoice or sue for unsolicited non-verification email too. We'll pincer maneuver them into no email, but that's probably for the best.
– mtraceur
yesterday
@mckenzm Teach me your ways so that I can invoice or sue for unsolicited non-verification email too. We'll pincer maneuver them into no email, but that's probably for the best.
– mtraceur
yesterday
8
8
@user33040: Well, those addresses are identical to GMail. As are na.me.sur.name@gmail.com, n.a.m.e.s.u.r.n.a.m.e@gmail.com, etc.
– Dubu
19 hours ago
@user33040: Well, those addresses are identical to GMail. As are na.me.sur.name@gmail.com, n.a.m.e.s.u.r.n.a.m.e@gmail.com, etc.
– Dubu
19 hours ago
|
show 6 more comments
Adding on to what AndrolGenhald said, they have deactivated all accounts associated with the breach so theres a good chance it won't show up regardless:
ShareThis has already deactivated the ShareThis accounts potentially associated with this incident, so if you created an account prior to January 2017, you may no longer be able to log in.
https://www.sharethis.com/data-privacy-incident/
11
Well spotted... Seems like an unusual approach?
– Pureferret
yesterday
3
@Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.
– hairydresden
yesterday
3
As soon as the system lets me, I'll put a bounty on this. It's not the generic answer to these (useful for dupes) but it was helpful in this case.
– Pureferret
19 hours ago
6
On top of which, ShareThis might have expired the account after a period of inactivity anyway, regardless of a hack. A few months go I went through my passwords file to update some old insecure passwords on a bunch of unimportant sites and found that they had all expired my account for inactivity.
– Paul Johnson
15 hours ago
add a comment |
Adding on to what AndrolGenhald said, they have deactivated all accounts associated with the breach so theres a good chance it won't show up regardless:
ShareThis has already deactivated the ShareThis accounts potentially associated with this incident, so if you created an account prior to January 2017, you may no longer be able to log in.
https://www.sharethis.com/data-privacy-incident/
11
Well spotted... Seems like an unusual approach?
– Pureferret
yesterday
3
@Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.
– hairydresden
yesterday
3
As soon as the system lets me, I'll put a bounty on this. It's not the generic answer to these (useful for dupes) but it was helpful in this case.
– Pureferret
19 hours ago
6
On top of which, ShareThis might have expired the account after a period of inactivity anyway, regardless of a hack. A few months go I went through my passwords file to update some old insecure passwords on a bunch of unimportant sites and found that they had all expired my account for inactivity.
– Paul Johnson
15 hours ago
add a comment |
Adding on to what AndrolGenhald said, they have deactivated all accounts associated with the breach so theres a good chance it won't show up regardless:
ShareThis has already deactivated the ShareThis accounts potentially associated with this incident, so if you created an account prior to January 2017, you may no longer be able to log in.
https://www.sharethis.com/data-privacy-incident/
Adding on to what AndrolGenhald said, they have deactivated all accounts associated with the breach so theres a good chance it won't show up regardless:
ShareThis has already deactivated the ShareThis accounts potentially associated with this incident, so if you created an account prior to January 2017, you may no longer be able to log in.
https://www.sharethis.com/data-privacy-incident/
edited yesterday
answered yesterday
hairydresdenhairydresden
63818
63818
11
Well spotted... Seems like an unusual approach?
– Pureferret
yesterday
3
@Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.
– hairydresden
yesterday
3
As soon as the system lets me, I'll put a bounty on this. It's not the generic answer to these (useful for dupes) but it was helpful in this case.
– Pureferret
19 hours ago
6
On top of which, ShareThis might have expired the account after a period of inactivity anyway, regardless of a hack. A few months go I went through my passwords file to update some old insecure passwords on a bunch of unimportant sites and found that they had all expired my account for inactivity.
– Paul Johnson
15 hours ago
add a comment |
11
Well spotted... Seems like an unusual approach?
– Pureferret
yesterday
3
@Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.
– hairydresden
yesterday
3
As soon as the system lets me, I'll put a bounty on this. It's not the generic answer to these (useful for dupes) but it was helpful in this case.
– Pureferret
19 hours ago
6
On top of which, ShareThis might have expired the account after a period of inactivity anyway, regardless of a hack. A few months go I went through my passwords file to update some old insecure passwords on a bunch of unimportant sites and found that they had all expired my account for inactivity.
– Paul Johnson
15 hours ago
11
11
Well spotted... Seems like an unusual approach?
– Pureferret
yesterday
Well spotted... Seems like an unusual approach?
– Pureferret
yesterday
3
3
@Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.
– hairydresden
yesterday
@Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.
– hairydresden
yesterday
3
3
As soon as the system lets me, I'll put a bounty on this. It's not the generic answer to these (useful for dupes) but it was helpful in this case.
– Pureferret
19 hours ago
As soon as the system lets me, I'll put a bounty on this. It's not the generic answer to these (useful for dupes) but it was helpful in this case.
– Pureferret
19 hours ago
6
6
On top of which, ShareThis might have expired the account after a period of inactivity anyway, regardless of a hack. A few months go I went through my passwords file to update some old insecure passwords on a bunch of unimportant sites and found that they had all expired my account for inactivity.
– Paul Johnson
15 hours ago
On top of which, ShareThis might have expired the account after a period of inactivity anyway, regardless of a hack. A few months go I went through my passwords file to update some old insecure passwords on a bunch of unimportant sites and found that they had all expired my account for inactivity.
– Paul Johnson
15 hours ago
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f204701%2fhow-can-i-be-pwned-if-im-not-registered-on-the-compromised-site%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
6
Just making sure I understand this correctly. What you are saying is that you are signed up on HaveIBeenPwned.com but not on the ShareThis website?
– kasperd
yesterday
@kasperd yes, sorry if that is not clear from my question
– Pureferret
yesterday
1
On my first reading of the question I thought you meant you were not signed up on HaveIBeenPwned.com in which case the answer to your question would have been that somebody was forging emails from HaveIBeenPwned.com in what might have been a phishing scam. After reading the answer and reading the question again, I realized I probably misunderstood the question the first time around.
– kasperd
yesterday
1
Just adding that I had the same issue with the "ShareThis" hack. That list might have that behavoir
– Ole Albers
20 hours ago
1
@Pureferret depends on the kind of information aside from your email address that was included in that site's profile/settings. If you're not familiar with the site and can't even login using the email address reported, you're probably safe. This was just an extremely edge case that popped into my head.
– TylerH
11 hours ago