This forum leaked my details on to the dark web through a data breach

Tools    





The centre of Hollywood
My email was stolen, got my ip and password.

Beware.....



All our passwords are encrypted. IP addresses, for those who don't know, are available to any site you visit.

That said, I certainly wouldn't encourage anyone to store any crucial personal information on a random forum account.



The centre of Hollywood
Norton security only just notified me through it's dark web monitoring, and it linked the activity back to the forum. So it literally gave this forum link as the source of the leak. I honestly forgot I even had an account here till now.

Don't shoot the messenger, blame Norton Anti virus software if you think it's so crazy.

The question I have really is who would be stealing people's email on here and putting it on the dark web. That should concern anyone with an account. Just saying.



The centre of Hollywood
I should clarify that It's not verified if they obtained the password at all, it only suggests that my password could be at risk, due to my email being leaked. having a password at risk I was treating the same as compromised data. That's why I mentioned the password and IP linked to the email as exposed.



Ghouls, vampires, werewolves... let's party.
These messages you're getting from your anti-virus software could be just an advertising gimmick to get you to upgrade your service. If it hasn't caused you any real damage to your email accounts or to your computer, I would probably just ignore it.



All our passwords are encrypted. IP addresses, for those who don't know, are available to any site you visit.

That said, I certainly wouldn't encourage anyone to store any crucial personal information on a random forum account.
Perhaps, or maybe you have secret ties to the dark web and you're trying to corrupt us all.
__________________
IMDb
Letterboxd



Ghouls, vampires, werewolves... let's party.
I have the free version of Avast on my computer and I get pop-ups all the time warning me about stuff. I ignore it mainly because I don't visit many sites with my computer and also I don't have anything worth stealing anyway.



Re: emails. There's a lot of email harvesting, a lot of script kiddies use bots searching for vulnerabilities and just sort of collect things for...well, for no real reason that I can see, since you can harvest emails almost anywhere and there's nothing particularly valuable about the ones here. A lot of this stuff, as insane as it sounds, people do just to do. Maybe it feels cool, I dunno.

As for passwords, yeah, no worries there: they're definitely encrypted. I have full access to the database and I don't even get to see what they are. That said, people should 100% not be using any password for a forum that's being used for anything remotely important. I realize people do this anyway sometimes, but they really shouldn't.

Someone having your email address--a thing basically none of us really keep private in any meaningful sense anyway--is basically the worst thing you can/should hope to "lose" here.



Perhaps, or maybe you have secret ties to the dark web and you're trying to corrupt us all.
That does sound like me.

Incidentally, the phrase "dark web" has become increasingly meaningless. I've seen things referred to with that term which are...well, just websites. But I guess it sounds scary, so there's that.



__________________
"Film is a disease. When it infects your bloodstream it takes over as the number one hormone. It bosses the enzymes, directs the pineal gland, plays Iago to your psyche. As with heroin, the antidote to Film is more Film." - Frank Capra



The centre of Hollywood
Re: emails. There's a lot of email harvesting, a lot of script kiddies use bots searching for vulnerabilities and just sort of collect things for...well, for no real reason that I can see, since you can harvest emails almost anywhere and there's nothing particularly valuable about the ones here. A lot of this stuff, as insane as it sounds, people do just to do. Maybe it feels cool, I dunno.

As for passwords, yeah, no worries there: they're definitely encrypted. I have full access to the database and I don't even get to see what they are. That said, people should 100% not be using any password for a forum that's being used for anything remotely important. I realize people do this anyway sometimes, but they really shouldn't.

Someone having your email address--a thing basically none of us really keep private in any meaningful sense anyway--is basically the worst thing you can/should hope to "lose" here.
This email I'm referring to I've had it since forever, but all through that time I been using the email, I never had norton notify me of that before. There is no way to know if it is some marketing trick, but I don't think that would be ethical to pull that kind of stunt on customers, so I take their word for it that they did find something wrong. I've never had them pull dumb crap like that on me before. I'm sure there is programs out there that definitely scam their customers, but I don't think Norton security is one of them.

The reason it might be a security issue for this forum is that people may not want their email floating around the net attracting who knows what junk mail for what purposes. It's basically an electronic address which not everyone can just change when they want to. I didn't really think about this issue when I joined forums years ago, and if I was to join anything now, I would mostly use throw away emails.

So although it doesn't seem that serious, someone is exploiting something, and it's still private data. Technically it is a data breach, but you don't seem to be treating it as something serious, maybe because you can't do much about it? If that is the case there should be some type of heavy warning on the site saying "Your email may be exposed to third parties" as when you really think about it, it does sound scary, and it is in a way.

I'm glad you were not childish enough to delete the thread and censor the entire thing. I know many forums that would just get rid of any discussion about threats, so good job there.



You ready? You look ready.
First, how did Norton notify you?

Second, Norton, or someone pretending to be Norton, is trying to scare you.

Third, it’s a high probability the info was already on the dark web before you signed up here.



you don't seem to be treating it as something serious, maybe because you can't do much about it?
It's for a few reasons.

The first I alluded to earlier: it's usually not targeted. I've actually seen these sites before: people trawl the internet for little exploits or zero day patches or whatever and dump meaningless data on some forum (it's often just a website, in case "dark web" is freaking anyone out) and it just sits there, because it has little to no value to anyone. I saw one where this happened specifically because you had to do it to earn "points" that allowed you to download other files. It was crazy how banal and rote the whole thing was.

The second reason is that the plausible worst case scenario is basically as you described: hypothetically someone could sign you up for some junk mail, but that's almost certainly true for just about everyone here already. If you've signed up for even a few things, the odds that your email has been or will be exposed at some point approaches 1.

The third reason is that, thankfully, the downsides are minimal. The value of an individual email is worth a vanishingly small amount now. I published my own email on here publicly for many years, and as far as I can tell there was close to no downside from that. In fact, I get less spam now than when I started, by a wide margin.

There is one edge case that is quite serious, though, which I mentioned before and will mention again below:

I'm glad you were not childish enough to delete the thread and censor the entire thing. I know many forums that would just get rid of any discussion about threats, so good job there.
Yeah, certainly, I like to address these things head-on. I guess I would've preferred being contacted personally first, or even having this framed as a question before a dramatic accusation, particularly since there's no detail with which to potentially investigate. But no big deal.

Frankly I like to use the opportunity to remind people of best practices: don't use the same password on a forum that you use on any sensitive sites, don't store anything here that's sensitive or important, etc.

The #1 issue with data breaches is usually not the data itself, but the ways people can triangulate the data to gain access to something else, and that only happens if people are careless. Keeping your email secret is basically impossible, but stratifying passwords properly and the like is pretty easy, and fends off nearly all of the worst things that can result.



I'm having a colonoscopy this coming Monday and I'll ask them to take pictures. Then I'll post them in an email under a tantalizing subject header like, "There's gold in them thar hills" or "Bitcoin wallet passphrase". I got your DARK web.




First, how did Norton notify you?

Second, Norton, or someone pretending to be Norton, is trying to scare you...
That's very possible. The other day my wife's laptop had a pop up virus warning from Microsoft saying Warning Windows is at risk...Ha her computer runs Linux!..It was a spoof message from some infected web site designed to cause a frightened person to take immediate action thereby giving some useful information to naughty bots.

OP...if your message was for real then many other members here would've also been warned of a breach from their Norton anti virus, you're the first person to mention it. I wouldn't worry about it. Glad I don't use anti virus, I remember those as being pains in the ass.



Interesting to me that the OP had posted exactly twice in the 7+ years he’s been a member of this forum. And, suddenly, his email address has been stolen.

I’ve posted almost 34,000 times in the 5+ years I’ve been a member here & never had a security issue.

Just saying.
__________________
I’m here only on Mondays, Wednesdays & Fridays. That’s why I’m here now.