this post was submitted on 26 Feb 2025
300 points (99.0% liked)

Technology

75846 readers
1959 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
300
Have I Been Pwned adds 284M accounts stolen by infostealer malware (www.bleepingcomputer.com)
submitted 7 months ago by Captainautism@lemmy.dbzer0.com to c/technology@lemmy.world
21 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Jax@l.hostux.net 12 points 7 months ago (2 children)

I don't understand how to find out which specific sites had my data leaked. Without that I can't take any action. I'm subscribed to email alerts but the alert did not include any details like the article said it would.

[–] Illecors@lemmy.cafe 2 points 7 months ago

Rent a domain Set up email Use a unique address for every website

I usually pick the domain of the website as the username part.

So if, say, I have email set up on lemmy.cafe and want to sign up to flatearth.com - I'd probably use flatearth.com@lemmy.cafe for an email address. If they ever leak it - I'll be reveiving spam sent to this address.

In the six years of hosting my own email I've only had one such occurence when namecheap got breached. It was nice being able to tell where the culprit was!

[–] boatswain 1 points 7 months ago (1 children)

As another poster detailed, this is not a company that exposed your info: these credentials are all from stealer logs, which are logs of credentials stolen by keyloggers installed on machines. If your credentials were in this report, it means that you've entered that username and password on a machine with malware on it. Could be your personal machine, or it could be some other computer you've used.

[–] Jax@l.hostux.net 2 points 7 months ago

That's true. My point was just that the important thing here is knowing personally which domains were affected so one can personally change those sets of credentials. If I don't know which of my credentials leaked then there's no value to me.

I was able to finally get access and did change the specific credential that had leaked (again, not assigning blame to any specific site here).