What would you recommend

Kakkoister2
Kakkoister2
Community Member

Hi everyone,

I got an alert from a crediting monitoring service I use, it says my phone number and my name for one of my logins, was sold on the black Market, it mentioned it had my real name. Suggestions? When I pull a watch tower report, I have no alerts and says everything is good, which makes me feel great I use 1P for security and protecting my accounts.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • XIII
    XIII
    Community Member

    Did they tell you for which service the account was?

  • Kakkoister2
    Kakkoister2
    Community Member

    yes it did.

  • XIII
    XIII
    Community Member

    Then I would at least change the password for that account and every account that has the same password (hopefully none).

    If it’s an email account please check that the hackers did not set up a rule to forward your mail to them.

  • DanielP
    DanielP
    1Password Alumni

    @tomatoshadow2:

    Sorry to hear about what happened.

    When I pull a watch tower report, I have no alerts and says everything is good, which makes me feel great I use 1P for security and protecting my accounts.

    This makes sense: if they information exposed in that breach were "just" your phone number and name, Watchtower won't alert you because your login credentials for that website have not been compromised, and consequently there is no need to perform any action within 1Password.

    Now, as XIII wrote, if you want to change your password for that account anyway for good measure, even if your password was not exposed, it certainly won't hurt to do so.

    With regards to the phone number and the name, I am afraid I don't have a lot of good suggestions, other than keeping an eye on your messages and communications, to make sure that this information is not actually being used anywhere. It's always a bit tricky when information such as phone numbers or real names get exposed, because while you could theoretically change those too, it's typically not worth the effort other than in particularly serious cases (this is true for changing phone numbers, and especially true for changing names ;) ).

  • prime
    prime
    Community Member

    Not much you can do. I know one of my email addresses are in the dark web, but I don’t care. Even if they had the password and the 2FA code, they still can’t get into they email account :lol:

  • DanielP
    DanielP
    1Password Alumni

    Indeed :+1:

  • prime
    prime
    Community Member

    This is what I do, I use outlook.com for many of my emails. It lets me have 9 aliases with my main email, and I use different emails for different things. One I use for forums, one for crap I don’t care, one for banking (only banking), and so on. The cool part is, to log into my account, only one of the email address will work. If I try to use the email I use for the forums, it will not let me into my email... Even it the password and 2FA. If I use this email and put in the password, it says “email does not exist”, like the email doesn’t exist at all.

  • DanielP
    DanielP
    1Password Alumni
    edited January 2020

    @prime:

    Yep, that is definitely a good tip. I use a similar approach, but I like using subdomain aliasing instead (it only works if you own your own domain and email service however). So for example I could have an apple@accounts.mydomain.com address or an amazon@purchases.mydomain.com email address, twitter@social.mydomain.com etc.

    Some email providers (even the free ones) also allow you to use plus addressing, which usually doesn't have any limits in the number of aliases you can have. But of course in this case, knowing your base email address becomes trivial.

  • Kakkoister2
    Kakkoister2
    Community Member

    Yeah, I'm not worried at all, as no passwords or usernames were compromised. Also, haven't received any strange calls or messages.

  • :+1: :)

    Ben

  • Kakkoister2
    Kakkoister2
    Community Member

    Also @Ben or @DanielP how often do you recommend running a Watchtower Report?

  • DanielP
    DanielP
    1Password Alumni

    @tomatoshadow2:

    Personally, I use the Watchtower feature directly in the 1Password app. The report there is updated automatically, so you don't have to run one manually like in the browser.

    I have taken the habit to check the Watchtower category in the app once a day, when I start my morning, since it's just a click away.

  • Kakkoister2
    Kakkoister2
    Community Member

    @DanielP Thanks, do appreciate it, does 1Password also update website content, attached to a long in, say if I told 1Password there is the official website for a bank, does it always pull the most recent website version that is attached to the login, when I press go?

  • DanielP
    DanielP
    1Password Alumni

    @tomatoshadow2:

    Yes, 1Password will load the latest version of the website for you.

This discussion has been closed.