Jump to content

Data related to your account may have been leaked from 2 websites.


Kupo
Go to solution Solved by Flood and Flood's wife,

Recommended Posts

Recently received notification that my data might have been leaked from 2 websites. The detection date was shown as 2015 (refer to attached png picture). However, I only started using Kaspersky Security Cloud Free within a year or less.

Is this a false alert? I’m using the latest Windows 10 version.

Link to comment
Share on other sites

Flood and Flood's wife

Hello @Kupo

  • The Account check feature refers to database resources that show where data (email addresses) may have been breached over many years. The tool is not reliant on the time Kaspersky software has been installed in your system. 
  • Accounts are checked through the haveibeenpwned.com website database which receives regular updates.
  • As a user of Kaspersky Free software the Account check feature has less functionality available than if you were using Kaspersky Security Cloud Personal or Family. 
  • PRIVACY PROTECTION control is only available with the licensed version. 

Thank you🙏

Flood🐳 +🐋

Additional resources:

About Account Check

Kaspersky Security Cloud package comparison

Link to comment
Share on other sites

Thanks for the clear explanation.

What should anyone using the free version do when they receive such notifications? Since it’s not exactly false. I did a quick online search with my login id and found no obvious impersonation or malicious use yet.

Let me know if I should ask somewhere else. (would be nice if you can point out one or two useful links).

Link to comment
Share on other sites

  • Solution
Flood and Flood's wife

Thanks for the clear explanation. What should anyone using the free version do when they receive such notifications? Since it’s not exactly false. I did a quick online search with my login id and found no obvious impersonation or malicious use yet. Let me know if I should ask somewhere else. (would be nice if you can point out one or two useful links).

Hello @Kupo

You’re most welcome☺ !

From the Kaspersky software side, it's a reporting tool, the free version is not configurable. 
From memory, Kaspersky were going to include an option to exclude "known/reported" email addresses that were showing up as false positives; not sure what progress has been made, or if, in the future, it's implemented, whether or not that feature would only be available for paying subscribers - time will tell. 

  1. HaveIbeenpawned/FAQ has good information about data breaches & pastes - follow their guidance
  2. Protect all online accounts with strong, unique passwords for each website.
  3. Use a reputable password manager.
  4. Enable 2 factor authentication wherever possible. 
  5. Most government agencies publish consumer, data breach guidance, e.g. ICO Personal data breaches,  OAIC, Privacy, Data breachesFTC Privacy, Identity & Online Security
  • Just as FYI, we have an email address that was breached once, 12 years ago, since rectified, Kaspersky still reports it; it happens. 

Thank you🙏

Flood🐳 +🐋

Link to comment
Share on other sites

Kupo

Furthering Flood and Flood’s wife’s comment, you can also register specific e-mail addresses with HaveIbeenpwned so if any are involved in future website breaches they will notify you directly.

If you are notified of a website breach I would personally change the log in password of ‘every’ account using that e-mail address. Going forward I’d also recommend using a disposable e-mail service such as 33mail or ManyMe. Either enable you to create unique e-mail addresses for each online account (delivered to a single e-mail address). That way if a website is breached, you know the compromised e-mail and password are specific to that site and none other.

Link to comment
Share on other sites

@Kupo Did you reset your password ?

Can’t really recall since the the information is blocked out as shown in attachment. Just puzzled that this notification would come up now and whether further action needs to be taken.

Link to comment
Share on other sites

Thanks for the clear explanation. What should anyone using the free version do when they receive such notifications? Since it’s not exactly false. I did a quick online search with my login id and found no obvious impersonation or malicious use yet. Let me know if I should ask somewhere else. (would be nice if you can point out one or two useful links).

Hello @Kupo

You’re most welcome☺ !

From the Kaspersky software side, it's a reporting tool, the free version is not configurable. 
From memory, Kaspersky were going to include an option to exclude "known/reported" email addresses that were showing up as false positives; not sure what progress has been made, or if, in the future, it's implemented, whether or not that feature would only be available for paying subscribers - time will tell. 

  1. HaveIbeenpawned/FAQ has good information about data breaches & pastes - follow their guidance
  2. Protect all online accounts with strong, unique passwords for each website.
  3. Use a reputable password manager.
  4. Enable 2 factor authentication wherever possible. 
  5. Most government agencies publish consumer, data breach guidance, e.g. ICO Personal data breaches,  OAIC, Privacy, Data breachesFTC Privacy, Identity & Online Security
  • Just as FYI, we have an email address that was breached once, 12 years ago, since rectified, Kaspersky still reports it; it happens. 

Thank you🙏

Flood🐳 +🐋


Thanks for the tips, Flood! ☺

The FYI example was a good one on real world scenario.

  • Thanks 1
Link to comment
Share on other sites

Kupo

If you enter the e-mail address, in question, into https://haveibeenpwned.com/ it will show you the approximate discovery date of the data breach and should be the same information that’s ‘blacked’ in Security Cloud Free.

This is where a password manager (Kaspersky’s or others) comes in to its own as you can more quickly generate and change existing passwords if required.

As previously mentioned, regardless of the breach date, I’d change the login password and if possible also change the e-mail address used on that account. If you changed both you would then know any login information obtained in the earlier breach would be of no use to hackers now.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.


×
×
  • Create New...