Credit Karma introduced recently its free identity monitoring service. Here's what my first report looks like:
============
You've Been In 5 Breaches:
We checked our database of 4.7 billion publicly breached accounts and your email address showed up in 5 data breaches. That means your online accounts and personal info may be compromised.
------------------
FORBES
In February 2014, the Forbes website succumbed to an attack that leaked over 1 million user accounts. The attack was attributed to the Syrian Electronic Army, allegedly as retribution for a perceived "Hate of Syria". The attack not only leaked user credentials, but also resulted in the posting of fake news stories to forbes.com.
Exposed Info:
- Email addresses
- Passwords
- User website URLs
- Usernames
------------------
GAWKER
In December 2010, Gawker was attacked by the hacker collective "Gnosis" in retaliation for what was reported to be a feud between Gawker and 4Chan. Information about Gawkers 1.3M users was published along with the data from Gawker's other web presences including Gizmodo and Lifehacker. Due to the prevalence of password reuse, many victims of the breach then had their Twitter accounts compromised to send Acai berry spam.
Exposed Info:
- Email addresses
- Passwords
- Usernames
------------------
LINKEDIN
In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data.
Exposed Info:
- Email addresses
- Passwords
============
I don't even remember the last time I visited the 3 websites listed in this report, so I'm not worried. I change all my passwords often.
The utility of these reports is obvious, so I'm giving this free service a big thumbs-up.
MAY 29, 2018 UPDATE: COMBOLISTS
------------------
EXPLOIT.IN
This breach isn’t from one site — it’s a
combolist. Basically, someone put together info from individual data breaches and then shared that combined list publicly or on the dark web. Criminals use passwords from combolists to try to gain access to your other accounts. That’s why you should never re-use passwords, especially in places with sensitive personal or financial info (like your banking app, health insurance site, tax software, email account, etc.)
Exposed Info:
- Email addresses
- Passwords
------------------
COMBOLIST OF 1.4 BILLION CREDENTIALS
This breach isn’t from one site — it’s a
combolist.
Basically, someone put together info from individual data breaches and
then shared that combined list publicly or on the dark web. Criminals
use passwords from combolists to try to gain access to your other
accounts. That’s why you should never re-use passwords, especially in
places with sensitive personal or financial info (like your banking app,
health insurance site, tax software, email account, etc.)
Exposed Info:
- Email addresses
- Passwords
------------------
Labels: Combolist, credit_karma, creditkarma, Data_Breach, Fraud, identity_monitoring, identity_theft
