Leaked info - from where?

Toweri
Toweri Posts: 25 Enthusiast

I received this notification that my email and password have been leaked:

Leak Screenshot.png

There is no information about which service's password has been leaked.
So how can I know which website I should go to and change my password?

I take it, it does not refer to my email service itself…?

Answers

  • TVC15
    TVC15 Posts: 205 Rising Star

    Hello @Toweri

    I can provide basic information; others here may go more in depth. In the past, F-Secure used to show parts of the passwords that were leaked. That was an indicator of which ones I needed to change, besides reviewing them all for password strength. It no longer gives us that information, which I find disappointing, as that was one of the features I liked about it.

    Your email address has been exposed, but maybe not your client. I would change that password (if possible) using the password generator from within the F-Secure Vault. From within the Vault, I would also check the Password Analysis and review the Weak or Reused passwords and change those, especially for financial etc. websites. For extra security, I would review all the websites in the Vault, as some of mine had changed how I logged in and wanted me to create a new account, which I declined to do, and I considered it a dead site (one I no longer used or logged into). I made sure all had a strong password and used 2FA wherever I could.

    From a Perplexity search:

    A combolist breach is a data exposure event where your email/username and password appear in a large compiled list that has been built from many different prior data breaches.

    What a combolist is

    • A combolist is a text file containing many username or email and password pairs (often in email:password format).
    • These credentials are usually aggregated from multiple independent breaches, phishing campaigns, and malware “stealer” logs into one large, cleaned list.

    What “combolist breach” means for you

    • Being in a combolist breach usually means your credentials were not stolen in a brand‑new hack, but were collected from one or more past breaches and bundled into a combo list now circulating among criminals.
    • The main risk is credential stuffing: attackers automatically try those username/password pairs on many websites (banks, email, streaming, shopping) hoping you reused the same password.

    How serious it is

    • Even if the data is “old,” it is still dangerous if you reused that password anywhere or never changed it after the original breach.
    • Large public combolists can contain hundreds of millions of unique email and password pairs and are widely traded and reused, so exposure can persist for years.

    What to do if you’re in one

    • Immediately change passwords for any accounts where you used the exposed password, starting with email, financial accounts, and key services (e.g., cloud storage).
    • Enable multi‑factor authentication (MFA) everywhere possible and use unique, randomly generated passwords stored in a password manager to prevent future credential‑stuffing success.

    Kind regards.
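Added example, not part of the original posts and not F-Secure's code: when the notification names only the email address, one way to decide which passwords to change first is to list every vault entry that logs in with that address, in the order suggested above (email, financial, cloud), and show which other sites share each password. The vault layout, the `kind` labels and the sort order are assumptions, and the sample entries are constructed.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample vault export; every site, login and password is invented.
VAULT = [
    {"site": "mail.example",   "kind": "email",     "login": "user@mail.example",  "password": "Tr1cky-Horse-91"},
    {"site": "bank.example",   "kind": "financial", "login": "user@mail.example",  "password": "Summer2019!"},
    {"site": "shop.example",   "kind": "shopping",  "login": "user@mail.example",  "password": "Summer2019!"},
    {"site": "forum.example",  "kind": "other",     "login": "user_alt",           "password": "Summer2019!"},
    {"site": "cloud.example",  "kind": "cloud",     "login": "user@mail.example",  "password": "p7#Lq-vault-22"},
    {"site": "news.example",   "kind": "other",     "login": "user@mail.example",  "password": "z4!Unique-news"},
    {"site": "stream.example", "kind": "streaming", "login": "other@mail.example", "password": "q8$Different"},
]

# Assumed ordering, following the advice above: email, financial, key services first.
PRIORITY = {"email": 0, "financial": 1, "cloud": 2}


def triage(vault, exposed_email):
    """Return the change-first plan for every entry that logs in with exposed_email."""
    key = os.urandom(32)  # per-run key: group equal passwords without storing plaintext

    def tag(password):
        return hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()

    sites_by_password = defaultdict(list)
    for entry in vault:
        sites_by_password[tag(entry["password"])].append(entry["site"])

    plan = []
    for entry in vault:
        if entry["login"].lower() != exposed_email.lower():
            continue  # this login is not the pair named in the notification
        shared = sorted(s for s in sites_by_password[tag(entry["password"])]
                        if s != entry["site"])
        plan.append({"site": entry["site"], "kind": entry["kind"], "shared_with": shared})

    # Critical account types first; within a type, reused passwords before unique ones.
    plan.sort(key=lambda r: (PRIORITY.get(r["kind"], 9), not r["shared_with"], r["site"]))
    return plan


if __name__ == "__main__":
    for row in triage(VAULT, "user@mail.example"):
        print(row["site"], row["kind"], "also used on:", row["shared_with"] or "-")
```

Sites listed under `shared_with` need a new password as well, even when they use a different login name.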

  • Ukko
    Ukko Posts: 4,001 Superuser

    Hello,

    Just a few thoughts in addition to the answer above, which has very sufficient information (and, oh, I'm surprised, since it's a pity that there is no way to see part of the password or the whole one. Which is strange).

    I take it, it does not refer to my email service itself…?

    Well, I'm not entirely sure, but based on the name of "Combolist" (which could contain completely random stuff other than indicated in its name, and even completely bogus or fake data):

    • logsmarket_otc (OTC Logs Market) sounds like a kind of place for obtaining stealer logs. This raises the suspicion that the device may have been infected or compromised at some point.
    • Privatedata_MARKET may also refer to some 'known' messenger channels, with the same purpose.

    Probably in one of the posted (thrown in) portions - your email/password(?) were also included there. Although most likely there could be collected 'logs' from any source (compilations of other combolists with the addition of something "manually" collected), and not exclusively through the collection of data by some group of people.

    So, if your email (or an account using that email) was previously leaked, that information could have been included for numbers (so, 'repeated'/'known' one). If not (or it doesn't matter), then it's possible these are logs (or/and credentials, browser cookies, or whatever) from one of your devices or devices where email was typed/used.

    In general, infostealer type of malware is quite a thing for mobile devices too (Android-based, for example). So the vector could be anything.

    Thus, if the email has not been somehow involved in other incidents (that you know of), then it may be worthwhile, as recommended in the answer above, to check/look at everything that may be connected to this email address and secure it as well.

    // If your email address is easy to guess, it's probably just a random registration somewhere by someone who used it on some dubious website (or was simply added to a list). For example, I have a couple of such addresses.. and quite a few "leaks" (even though I have never registered anywhere with this email address).

    sorry for spamming.