My wife's accounts were hacked earlier this week.. yea it's been fun cleaning all of that up.

Anyway, was looking at various related threads here and elsewhere on the subject and ran across some discussion on a site haveIbeenpwned.

I checked one of my addresses and it said I had 1 breach.

What's the suggested course of action to check into and clearing the breach?

Thanks all

At the very least, if she does any credit cards or banking on-line, it would be a good idea to check out the accounts and change the passwords. Also, obviously, change passwords to everything possible just in case.

A password manager would be a good idea and use a different password on every site. A password manager is included with my protonmail account, but I thionk a paid account is required for that.

Pinochet said:

---

See what the breach was. That website will tell you what information was stolen. It could be just an email address or a real name, or it could be credentials. Either way, change the password at that site and enable MFA wherever you can. Obviously, don't reuse passwords. But if you did, make sure you change those too. Credential stuffing is a way hackers can get access to things - they use a list of stolen credentials from one site and try those other places.

---

Or it could be something entirely different than the what is on that site.

The breaches reported are more general there and don't actually indicate that her account has been taken.

Well that's not true at all. That website takes actual breaches and catalogs what was involved in the breach. It's not just general information.

Pinochet said:

---

Well that's not true at all. That website takes actual breaches and catalogs what was involved in the breach. It's not just general information.

---

The breaches reported are of data breaches of sites with large numbers of users, not of individual users.

They have no knowledge of whether any particular user on any particular site has been attacked, only that the address was on the reported sites that had been breached.

At best, one can assume that an account that was hacked might have been the results of information gained from a reported site.

After a hack, you need to deal with recovering from the attack.

You should probably stop showing how much you don't know about what you're talking about.

Pinochet said:

---

You should probably stop showing how much you don't know about what you're talking about.

---

Just about any time there is a new major breach, I am notified that the breach exposed some e-mails in our domain and I check them out every time. Not once has there been anything there requiring me to take action to deal with them.

The odd thing about the e-mails listed on the breaches, most of them never existed at all as they are listed -- these are generally a valid or deleted (as much as 20 years ago) e-mail with some extra characters. Of the remaining e-mails listed, many of those e-mails were deleted years ago. The number of e-mails still active seems to be the smaller portion listed in the breach.

I have a contact e-mail that I created in 1997 or 1998 that I still have active. It is my official contact address for certain purposes and so I need to keep it active. I haven't actually used it since about 2000 because it gets spammed so much that it is pretty much useless. To the best of my knowledge, it has received precisely one legitimate e-mail in more than ten years. In spite of that, it even makes the list for some breaches from time to time.

Looking at haveibeenpwned is rarely going to provide any information about why you were hacked. It might, however, provide some indication about where spammers might have gotten your e-mail address.