Leaked info - from where?

I received this notification that my email and password have been leaked:

Leak Screenshot.png

There is no information about which service's password has been leaked. The "Password" items (three dots and an underline, see screenshot) are not clickable links.

Is this a bug? Shouldn't it be possible to reveal what password (related to my email) is leaked, so that I can go to the correct website / service to change the password?

fs protection version 25.11 beta 3; "ID Monitoring" section.
Windows 11 Pro, version 25H2

Also see additional discussion at https://community.f-secure.com/en/discussion/129860/leaked-info-from-where

Answers

  • Ville
    Ville Posts: 818 F-Secure Product Expert

    It's not a bug. It works like this because the backend that is matching up the data does not store the actual email or password. The reason it can show the email here is that the one-way hash matches the email that you have provided. Sometimes there is more information about where the leak has happened, sometimes there is just a bulk list of emails / passwords published where the origin is not known.

    Ville

    F-Secure R&D, Desktop products
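
The matching Ville describes, as an added sketch that is not part of the thread and not F-Secure's code: the backend keeps only digests, so an alert can echo the email the user supplied but can never display the password. SHA-256, the lowercase email normalization, and every function and field name here are assumptions; the sample rows are constructed.

```python
import hashlib
import hmac

def digest(value: str) -> str:
    """One-way hash. SHA-256 is an assumption; the thread names no algorithm."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()

def normalize_email(email: str) -> str:
    return email.strip().lower()

def ingest(raw_rows):
    """Index leaked rows by email digest and keep no plaintext."""
    index = {}
    for row in raw_rows:
        entry = {"password_digest": digest(row["password"]),
                 "source": row.get("source")}  # None: bulk list, origin unknown
        index.setdefault(digest(normalize_email(row["email"])), []).append(entry)
    return index

def alerts_for(index, monitored_email):
    """The email shown is the one the user supplied; the password cannot be shown."""
    hits = index.get(digest(normalize_email(monitored_email)), [])
    return [{"email": monitored_email,
             "password": None,  # only a digest exists, nothing to reveal
             "source": hit["source"] or "unknown"} for hit in hits]

def is_leaked_password(index, monitored_email, candidate):
    """Hypothetical helper: confirm a password the user types against the digests."""
    hits = index.get(digest(normalize_email(monitored_email)), [])
    return any(hmac.compare_digest(hit["password_digest"], digest(candidate))
               for hit in hits)

# Constructed sample leak rows (not real data).
SAMPLE_ROWS = [
    {"email": "Alice@Example.com", "password": "winter2019", "source": "shop.example"},
    {"email": "alice@example.com", "password": "correct horse", "source": None},
    {"email": "bob@example.org", "password": "hunter2", "source": None},
]
INDEX = ingest(SAMPLE_ROWS)

if __name__ == "__main__":
    for alert in alerts_for(INDEX, "alice@example.com"):
        print(alert)
    print(is_leaked_password(INDEX, "alice@example.com", "winter2019"))
```

An unsalted fast hash of a password remains guessable offline; the sketch uses one only to keep the matching step visible.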

  • Toweri
    Toweri Posts: 32 Contributor

    My point stands. This kind of warning, where it is not possible to do anything about the leaked password, because there is no way to know what password it was, is useless, and may be detrimental to non-expert users.
    Especially while using the wording "change the password immediately."

    It causes users unnecessary worry that cannot be remediated. So why show it in the first place?
    Better to filter out these kinds of warnings. Show only those warnings that actually serve a purpose: alert the user to change leaked information that can be detailed.

  • TVC15
    TVC15 Posts: 209 Rising Star

    Just so there's context here, the word "immediately" was used in this post, from a Perplexity search. I apologize @Toweri if you thought it was me saying that; I didn't realize it was going to be an issue or I would have edited it out of the Perplexity reply.

    And if a person has the ID Protection app, or from F-Secure Total, the passwords that were compromised can hopefully be seen in your portal, as posted here.

  • Toweri
    Toweri Posts: 32 Contributor

    Hello @TVC15

    No, I am certainly not blaming you, or anyone else personally.
    That quote came from the 'fx protection' beta-app on Windows 11, as seen in my original screenshot. I wouldn't assume it was typed by any individual person, but that it is part of the app UI.

    And if the fact that the associated password cannot be revealed exists only on the beta version of the app, it is not such a big deal anyway.

    I just wanted to bring this to the attention of developers, as a problem with this particular notification. If regular users never encounter this situation, my point is moot.