photo RSMAtnWebAdRed13.jpg

Is Your Email Address Compromised?

By Charles Miller

A few weeks ago I wrote about the experience of a client o

CPOMPUTERS

f mine whose email address was “pwned.” In writing that column, I made up what I mistakenly assumed was a fictitious name to protect my client’s privacy. I wrote that when I checked the haveibeenpwned.com website, I found the address jane@mail.com had been pwned (compromised) a dozen times. An alert reader wrote to correct me saying that jane@mail.com had actually been pwned 27 times. Immediately I realized that the fictitious email address I made up is not fictitious at all but is actually someone’s real email address.

I should have taken that into account, and my sincerest apologies go out to Jane, whoever you are, @mail.com.

Point your web browser to the site haveibeenpwned.com, and enter the email address jane@mail.com, and you’ll see for yourself why that email address is probably no longer being used by the Jane to whom it belongs. That email address and its underlying data have been compromised on 27 sites, one of which is a massive collection of almost 3,000 alleged data breaches circulating in the cybercriminal underground.

It is interesting to browse down the long list of places where jane@mail.com had her information stolen and to see the extent to which it put Jane at risk. Most of the data breaches were only for email addresses and passwords, and that is easy enough to deal with by changing passwords. Others are more troubling.

Data breaches that can occur at large credit reporting companies like Equifax or the marketing firm Exactis are potentially the most damaging. That compromised data can include occupation, income level, financial investments, net worth, credit status, date of birth, education level, medical history, other email addresses, ethnicity, family structure, gender, home ownership status, IP addresses, marital status, personal hobbies, phone numbers, physical addresses, eating/drinking habits, vehicles owned, religion, spoken languages, apparel sizes, pets, credit card transactions, and the names, age, and gender of children.

Absent from the list of pwned data stolen from jane@mail.com are Social Security numbers and credit card numbers, meaning that the Exactis database breach is not a fully complete identity theft roadmap for criminals to use, but the depth of personal data stored there is, nonetheless, useful to them. Massive leaks of user data have nearly reached epidemic status, meaning that, more likely than not, some of your information has already been pwned.

So once again, please point your web browser to haveibeenpwned.com and enter your own email address. What I hope you see next is “Good news—no pwnage found! No breached accounts and no pastes.” That would indicate that your email address was not found on any of the lists known to be used by cybercriminals. If, however, your information has been pwned, then you need to take appropriate steps to protect yourself.

Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel since 1981, and now practically a full-time resident. He may be contacted at 044 415 101 8528 or by email FAQ8 (at) SMAguru.com

 

Comments are closed

 photo RSMAtnWebAdRed13.jpg
 photo RSMAtnWebAdRed13.jpg

Photo Gallery

 photo RSMAtnWebAdRed13.jpg
Log in | Designed by Gabfire themes All original content on these pages is fingerprinted and certified by Digiprove