How can I be pwned if I'm not registered on that site?Is “Have I Been Pwned's” Pwned Passwords List...
Copying files interactively: "cp: overwrite"
How do ISS astronauts "get their stripes"?
Auto Insert date into Notepad
Contradiction with Banach Fixed Point Theorem
How to count words in a line
multiple definition of
Translation of "Engineering"
Difference between hypovolemic shock and heart arrest caused by hypovolemia?
What type of postprocessing gives the effect of people standing out
How would we write a misogynistic character without offending people?
What does 'Linear regularities among words' mean?
How can I handle a player who pre-plans arguments about my rulings on RAW?
Six real numbers so that product of any five is the sixth one
Do commercial flights continue with an engine out?
What can I substitute for soda pop in a sweet pork recipe?
Can you 'upgrade' leather armor to studded leather armor without purchasing the new armor directly?
How to speed up a process
Skis versus snow shoes - when to choose which for travelling the backcountry?
How to approximate rolls for potions of healing using only d6's?
Which aircraft had such a luxurious-looking navigator's station?
If a druid in Wild Shape swallows a creature whole, then turns back to her normal form, what happens?
Called into a meeting and told we are being made redundant (laid off) and "not to share outside". Can I tell my partner?
What am I? I am in theaters and computer programs
Whom do I have to contact for a ticket refund in case of denied boarding (in the EU)?
How can I be pwned if I'm not registered on that site?
Is “Have I Been Pwned's” Pwned Passwords List really that useful?Why is breach-detection site “Have I Been Pwned” considered safe?Email pwned versus password not pwned
I recently was emailed from HaveIBeenPwned.com (which I am signed up on) about the ShareThis website/tool (not signed up on).
I have no memory of signing up for that service.
When I go to recover the account (I might as well close/change password), I get this:
The two facts seem incongruous:
Either I had an account and it was pwned, or I didn't have an account (and thus HIBP is in error)?
How do I find out the true situation, and what is the most secutre course of action?
have-i-been-pwned breach
add a comment |
I recently was emailed from HaveIBeenPwned.com (which I am signed up on) about the ShareThis website/tool (not signed up on).
I have no memory of signing up for that service.
When I go to recover the account (I might as well close/change password), I get this:
The two facts seem incongruous:
Either I had an account and it was pwned, or I didn't have an account (and thus HIBP is in error)?
How do I find out the true situation, and what is the most secutre course of action?
have-i-been-pwned breach
Just making sure I understand this correctly. What you are saying is that you are signed up on HaveIBeenPwned.com but not on the ShareThis website?
– kasperd
3 hours ago
@kasperd yes, sorry if that is not clear from my question
– Pureferret
3 hours ago
On my first reading of the question I thought you meant you were not signed up on HaveIBeenPwned.com in which case the answer to your question would have been that somebody was forging emails from HaveIBeenPwned.com in what might have been a phishing scam. After reading the answer and reading the question again, I realized I probably misunderstood the question the first time around.
– kasperd
3 hours ago
1
*pwnd --> pwned
– jpmc26
1 hour ago
The dumps might also contain contact/invite database entries, so if somebody has uploaded an address book or you did „send this to a friend“ it all could be possible reasons. Does it say the dump contains a password?
– eckes
26 mins ago
add a comment |
I recently was emailed from HaveIBeenPwned.com (which I am signed up on) about the ShareThis website/tool (not signed up on).
I have no memory of signing up for that service.
When I go to recover the account (I might as well close/change password), I get this:
The two facts seem incongruous:
Either I had an account and it was pwned, or I didn't have an account (and thus HIBP is in error)?
How do I find out the true situation, and what is the most secutre course of action?
have-i-been-pwned breach
I recently was emailed from HaveIBeenPwned.com (which I am signed up on) about the ShareThis website/tool (not signed up on).
I have no memory of signing up for that service.
When I go to recover the account (I might as well close/change password), I get this:
The two facts seem incongruous:
Either I had an account and it was pwned, or I didn't have an account (and thus HIBP is in error)?
How do I find out the true situation, and what is the most secutre course of action?
have-i-been-pwned breach
have-i-been-pwned breach
edited 49 mins ago
Pureferret
asked 7 hours ago
PureferretPureferret
1,06631313
1,06631313
Just making sure I understand this correctly. What you are saying is that you are signed up on HaveIBeenPwned.com but not on the ShareThis website?
– kasperd
3 hours ago
@kasperd yes, sorry if that is not clear from my question
– Pureferret
3 hours ago
On my first reading of the question I thought you meant you were not signed up on HaveIBeenPwned.com in which case the answer to your question would have been that somebody was forging emails from HaveIBeenPwned.com in what might have been a phishing scam. After reading the answer and reading the question again, I realized I probably misunderstood the question the first time around.
– kasperd
3 hours ago
1
*pwnd --> pwned
– jpmc26
1 hour ago
The dumps might also contain contact/invite database entries, so if somebody has uploaded an address book or you did „send this to a friend“ it all could be possible reasons. Does it say the dump contains a password?
– eckes
26 mins ago
add a comment |
Just making sure I understand this correctly. What you are saying is that you are signed up on HaveIBeenPwned.com but not on the ShareThis website?
– kasperd
3 hours ago
@kasperd yes, sorry if that is not clear from my question
– Pureferret
3 hours ago
On my first reading of the question I thought you meant you were not signed up on HaveIBeenPwned.com in which case the answer to your question would have been that somebody was forging emails from HaveIBeenPwned.com in what might have been a phishing scam. After reading the answer and reading the question again, I realized I probably misunderstood the question the first time around.
– kasperd
3 hours ago
1
*pwnd --> pwned
– jpmc26
1 hour ago
The dumps might also contain contact/invite database entries, so if somebody has uploaded an address book or you did „send this to a friend“ it all could be possible reasons. Does it say the dump contains a password?
– eckes
26 mins ago
Just making sure I understand this correctly. What you are saying is that you are signed up on HaveIBeenPwned.com but not on the ShareThis website?
– kasperd
3 hours ago
Just making sure I understand this correctly. What you are saying is that you are signed up on HaveIBeenPwned.com but not on the ShareThis website?
– kasperd
3 hours ago
@kasperd yes, sorry if that is not clear from my question
– Pureferret
3 hours ago
@kasperd yes, sorry if that is not clear from my question
– Pureferret
3 hours ago
On my first reading of the question I thought you meant you were not signed up on HaveIBeenPwned.com in which case the answer to your question would have been that somebody was forging emails from HaveIBeenPwned.com in what might have been a phishing scam. After reading the answer and reading the question again, I realized I probably misunderstood the question the first time around.
– kasperd
3 hours ago
On my first reading of the question I thought you meant you were not signed up on HaveIBeenPwned.com in which case the answer to your question would have been that somebody was forging emails from HaveIBeenPwned.com in what might have been a phishing scam. After reading the answer and reading the question again, I realized I probably misunderstood the question the first time around.
– kasperd
3 hours ago
1
1
*pwnd --> pwned
– jpmc26
1 hour ago
*pwnd --> pwned
– jpmc26
1 hour ago
The dumps might also contain contact/invite database entries, so if somebody has uploaded an address book or you did „send this to a friend“ it all could be possible reasons. Does it say the dump contains a password?
– eckes
26 mins ago
The dumps might also contain contact/invite database entries, so if somebody has uploaded an address book or you did „send this to a friend“ it all could be possible reasons. Does it say the dump contains a password?
– eckes
26 mins ago
add a comment |
2 Answers
2
active
oldest
votes
From the FAQ:
Why do I see my email address as breached on a service I never signed up to?
When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up. For a more comprehensive overview, see Why am I in a data breach for a site I never signed up to?
It's likely some services allow signing up without confirming an email address, or that accounts that haven't confirmed email addresses are still stored indefinitely but cannot be logged in to, or any number of similar issues.
9
You're last paragraph is helpful, It's possible my email was scooped up but not in a way I can do anything with it. Which is troubling. Thanks.
– Pureferret
6 hours ago
4
One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.
– DrakaSAN
3 hours ago
1
@Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.
– bta
1 hour ago
add a comment |
Adding on to what AndrolGenhald said, they have deactivated all accounts associated with the breach so theres a good chance it won't show up regardless:
ShareThis has already deactivated the ShareThis accounts potentially associated with this incident, so if you created an account prior to January 2017, you may no longer be able to log in.
https://www.sharethis.com/data-privacy-incident/
3
Well spotted... Seems like an unusual approach?
– Pureferret
2 hours ago
2
@Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.
– hairydresden
2 hours ago
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f204701%2fhow-can-i-be-pwned-if-im-not-registered-on-that-site%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
From the FAQ:
Why do I see my email address as breached on a service I never signed up to?
When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up. For a more comprehensive overview, see Why am I in a data breach for a site I never signed up to?
It's likely some services allow signing up without confirming an email address, or that accounts that haven't confirmed email addresses are still stored indefinitely but cannot be logged in to, or any number of similar issues.
9
You're last paragraph is helpful, It's possible my email was scooped up but not in a way I can do anything with it. Which is troubling. Thanks.
– Pureferret
6 hours ago
4
One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.
– DrakaSAN
3 hours ago
1
@Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.
– bta
1 hour ago
add a comment |
From the FAQ:
Why do I see my email address as breached on a service I never signed up to?
When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up. For a more comprehensive overview, see Why am I in a data breach for a site I never signed up to?
It's likely some services allow signing up without confirming an email address, or that accounts that haven't confirmed email addresses are still stored indefinitely but cannot be logged in to, or any number of similar issues.
9
You're last paragraph is helpful, It's possible my email was scooped up but not in a way I can do anything with it. Which is troubling. Thanks.
– Pureferret
6 hours ago
4
One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.
– DrakaSAN
3 hours ago
1
@Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.
– bta
1 hour ago
add a comment |
From the FAQ:
Why do I see my email address as breached on a service I never signed up to?
When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up. For a more comprehensive overview, see Why am I in a data breach for a site I never signed up to?
It's likely some services allow signing up without confirming an email address, or that accounts that haven't confirmed email addresses are still stored indefinitely but cannot be logged in to, or any number of similar issues.
From the FAQ:
Why do I see my email address as breached on a service I never signed up to?
When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up. For a more comprehensive overview, see Why am I in a data breach for a site I never signed up to?
It's likely some services allow signing up without confirming an email address, or that accounts that haven't confirmed email addresses are still stored indefinitely but cannot be logged in to, or any number of similar issues.
answered 6 hours ago
AndrolGenhaldAndrolGenhald
11k42637
11k42637
9
You're last paragraph is helpful, It's possible my email was scooped up but not in a way I can do anything with it. Which is troubling. Thanks.
– Pureferret
6 hours ago
4
One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.
– DrakaSAN
3 hours ago
1
@Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.
– bta
1 hour ago
add a comment |
9
You're last paragraph is helpful, It's possible my email was scooped up but not in a way I can do anything with it. Which is troubling. Thanks.
– Pureferret
6 hours ago
4
One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.
– DrakaSAN
3 hours ago
1
@Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.
– bta
1 hour ago
9
9
You're last paragraph is helpful, It's possible my email was scooped up but not in a way I can do anything with it. Which is troubling. Thanks.
– Pureferret
6 hours ago
You're last paragraph is helpful, It's possible my email was scooped up but not in a way I can do anything with it. Which is troubling. Thanks.
– Pureferret
6 hours ago
4
4
One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.
– DrakaSAN
3 hours ago
One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.
– DrakaSAN
3 hours ago
1
1
@Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.
– bta
1 hour ago
@Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.
– bta
1 hour ago
add a comment |
Adding on to what AndrolGenhald said, they have deactivated all accounts associated with the breach so theres a good chance it won't show up regardless:
ShareThis has already deactivated the ShareThis accounts potentially associated with this incident, so if you created an account prior to January 2017, you may no longer be able to log in.
https://www.sharethis.com/data-privacy-incident/
3
Well spotted... Seems like an unusual approach?
– Pureferret
2 hours ago
2
@Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.
– hairydresden
2 hours ago
add a comment |
Adding on to what AndrolGenhald said, they have deactivated all accounts associated with the breach so theres a good chance it won't show up regardless:
ShareThis has already deactivated the ShareThis accounts potentially associated with this incident, so if you created an account prior to January 2017, you may no longer be able to log in.
https://www.sharethis.com/data-privacy-incident/
3
Well spotted... Seems like an unusual approach?
– Pureferret
2 hours ago
2
@Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.
– hairydresden
2 hours ago
add a comment |
Adding on to what AndrolGenhald said, they have deactivated all accounts associated with the breach so theres a good chance it won't show up regardless:
ShareThis has already deactivated the ShareThis accounts potentially associated with this incident, so if you created an account prior to January 2017, you may no longer be able to log in.
https://www.sharethis.com/data-privacy-incident/
Adding on to what AndrolGenhald said, they have deactivated all accounts associated with the breach so theres a good chance it won't show up regardless:
ShareThis has already deactivated the ShareThis accounts potentially associated with this incident, so if you created an account prior to January 2017, you may no longer be able to log in.
https://www.sharethis.com/data-privacy-incident/
edited 1 hour ago
answered 3 hours ago
hairydresdenhairydresden
3187
3187
3
Well spotted... Seems like an unusual approach?
– Pureferret
2 hours ago
2
@Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.
– hairydresden
2 hours ago
add a comment |
3
Well spotted... Seems like an unusual approach?
– Pureferret
2 hours ago
2
@Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.
– hairydresden
2 hours ago
3
3
Well spotted... Seems like an unusual approach?
– Pureferret
2 hours ago
Well spotted... Seems like an unusual approach?
– Pureferret
2 hours ago
2
2
@Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.
– hairydresden
2 hours ago
@Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.
– hairydresden
2 hours ago
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f204701%2fhow-can-i-be-pwned-if-im-not-registered-on-that-site%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Just making sure I understand this correctly. What you are saying is that you are signed up on HaveIBeenPwned.com but not on the ShareThis website?
– kasperd
3 hours ago
@kasperd yes, sorry if that is not clear from my question
– Pureferret
3 hours ago
On my first reading of the question I thought you meant you were not signed up on HaveIBeenPwned.com in which case the answer to your question would have been that somebody was forging emails from HaveIBeenPwned.com in what might have been a phishing scam. After reading the answer and reading the question again, I realized I probably misunderstood the question the first time around.
– kasperd
3 hours ago
1
*pwnd --> pwned
– jpmc26
1 hour ago
The dumps might also contain contact/invite database entries, so if somebody has uploaded an address book or you did „send this to a friend“ it all could be possible reasons. Does it say the dump contains a password?
– eckes
26 mins ago