Info found on dark web.

[CurrentlyPissed]

So I have a monitoring service through myFico. Today I received a notification that my info is out there on the 'dark web'. Recently with the google issue, and my Hulu/spotify accounts were hacked. What should I do to avoid any further issues?

I changed most, if not all of my passwords, but its impossible to know which I forgot.

 

[Canesfan2020]

Change your name, get a new social security number. Maybe move.

 

[Munkus]

So I have a monitoring service through myFico. Today I received a notification that my info is out there on the 'dark web'. Recently with the google issue, and my Hulu/spotify accounts were hacked. What should I do to avoid any further issues?

I changed most, if not all of my passwords, but its impossible to know which I forgot.

Put a freeze on your credit so no new accounts can be opened in your name.

 

[acroig]

Put a freeze on your credit so no new accounts can be opened in your name.

This.

 

[CurrentlyPissed]

This.

Kinda a PITA though to freeze/unfreeze anytime I want to do something, plus I read this hurts with CLIs no? I dont think my social is out there, just name, address, email, and passwords. Is freezing going too far?

 

[Mahjik]

Change your password(s), and use 2-factor where possible. And real 2-factor, not the "send me a text with a OTP" stuff.

The main thing is to not use the same password for every site, and don't use variations of the same password when you do use a different password. You can use tools like Keepass to maintain and track passwords for multiple sites/services.

 

[CurrentlyPissed]

Change your password(s), and use 2-factor where possible. And real 2-factor, not the "send me a text with a OTP" stuff.

The main thing is to not use the same password for every site, and don't use variations of the same password when you do use a different password. You can use tools like Keepass to maintain and track passwords for multiple sites/services.

Thankfully recently ( last 6 months or so ) I have been using chromes suggest a password.

 

[xCLAVEx]

I'm about to freeze my accounts myself as I'm not planning on using my credit anytime soon for any major purchases nor open any new accounts for anything. Sure it can be a pain to freeze and unfreeze but it's safer and shouldn't affect your credit.

The biggest PITA is probably the initial set up. You can apparently do the unfreeze and freezing online, but for the first time freeze you (at least in my case) have to do it over the phone. That means a loooooooooooooooooooooong wait on the phone answering a bunch of questions and listening to keystrokes. And you have to do it three times (one for each agency)...

 

[Silent-Runner]

i still remember talking to amazon service where i was told to never ever use 2-factor simply because if something goes wrong then no one can access your account anymore, neither you nor the people at amazon. Basically your account and everything in/on it is gone. Strangely enough i was told almost the same by the support of paypal. Makes you wonder....

 

[Gandalfthewhite]

paypal's support was dead wrong they only use SMS 2FA at this point and it is easily bypassed by security questions. I don't know what rep told you that but they should be fired.


as for the topic.

pick up a yubikey and setup physical auth token on your core email accounts and core financial accounts (where you can) (with a backup of a software token). For non core accounts use a password manager to setup random passwords for each individual account and use software based 2fa (thing authy, duo, google authenticator) where you can especially anything that has a credit card attached to it.

If you do not freeze your credit at least setup active monitoring so if anyone touches it you are instantly notified and can quickly respond to malicious activity. Also setup active monitoring for transactions (large deposits / withdrawls) on your main financials.

Who is telling you this. Security professional who exclusively works in the financial sector.

 

[Pr3tty F1y]

paypal's support was dead wrong they only use SMS 2FA at this point and it is easily bypassed by security questions. I don't know what rep told you that but they should be fired.


as for the topic.

pick up a yubikey and setup physical auth token on your core email accounts and core financial accounts (where you can) (with a backup of a software token). For non core accounts use a password manager to setup random passwords for each individual account and use software based 2fa (thing authy, duo, google authenticator) where you can especially anything that has a credit card attached to it.

If you do not freeze your credit at least setup active monitoring so if anyone touches it you are instantly notified and can quickly respond to malicious activity. Also setup active monitoring for transactions (large deposits / withdrawls) on your main financials.

Who is telling you this. Security professional who exclusively works in the financial sector.

I would go one step further to setup alerts for any activity on your accounts for as low as your banking/credit institution allows (e.g., $1 or $0.01). Folks who may be able to compromise your account will generally make a small, innocuous purchase first (typically at a gas station/convenience store) to see if your information works. It's better to deal with extra e-mails documenting every instance of transactions than to have to deal with it after the fact. This will allow you to catch a breach when it is small/manageable and make your life much easier as even if banking institutions refund you (which they typically will in a credit card breach), you may be left without a credit card and/or have your funds temporarily drained while awaiting a resolution.