cancel
Showing results for 
Search instead for 
Did you mean: 

Email and password on sale on darkweb

FIXED
Nimblebimble
Newbie
Posts: 4
Thanks: 6
Registered: 03-01-2018

Email and password on sale on darkweb

Experian have informed me that my email and password for plusnet is now freely available for people to buy on the darkweb.

 

i was wondering if someone could advise me how this could happen, I imagine there is some record of the login attempts made.

 

Being that my stuff is all up to date in regards to security, perhaps you've had someone gather this info from yourselves or is it an inside job ?

 

many thanks.

 

ps after the worse home move experience I had recently ,this just about kisses our business together good bye.

 

 

12 REPLIES
Community Veteran
Posts: 1,612
Thanks: 22
Registered: 29-06-2010

Re: Email and password on sale on darkweb

First thing I would do, assuming this is genuine, is change your password and make it as strong as you can.
Superuser
Superuser
Posts: 2,763
Thanks: 470
Fixes: 5
Registered: 06-04-2007

Re: Email and password on sale on darkweb

If I remember correctly, Experian where hacked a little while ago. At a total guess I suspect they are saying that your experian username (email address) and password where taken and are available, rather that your Plusnet details, though if that is a Plusnet email address and you use the same password for both then it would amount to the same thing.

 

It would definitely be safest and certainly wouldn't do any harm (other than take a bit of your time), to go through and change the passwords anywhere that you've used that same password.

Nimblebimble
Newbie
Posts: 4
Thanks: 6
Registered: 03-01-2018

Re: Email and password on sale on darkweb

Done straight away, but there seems to be some serious security issues with plusnet

 

some digging has revealed this article where someone has had full passwords relayed back to them, something which is very, very wrong.

 

https://www.grahamcluley.com/plusnet-isnt-acting-safely-password/

 

If true this is a huge flaw in the way plusnet store passwords, and has been since before 2015

 

to note today my plusnet router is now unconnected from broadband over night, yet we have no outages in the area.

 

Im now deeply concerned by plusnets activity, and will be taking this further.

 

 

 

 

 

Nimblebimble
Newbie
Posts: 4
Thanks: 6
Registered: 03-01-2018

Re: Email and password on sale on darkweb

@pjmarsh

 

All changed, it's definitely plusnet webmail, I have three separate flags come up.

Community Veteran
Posts: 38,460
Thanks: 1,027
Fixes: 62
Registered: 15-06-2007

Re: Email and password on sale on darkweb

Community Veteran
Posts: 5,237
Thanks: 1,321
Fixes: 31
Registered: 16-10-2014

Re: Email and password on sale on darkweb

@pjmarsh, wasn't that Equifax and not Experian?

http://www.bbc.co.uk/news/business-41575188

 

Superuser
Superuser
Posts: 2,763
Thanks: 470
Fixes: 5
Registered: 06-04-2007

Re: Email and password on sale on darkweb

@Mook, ah yes you're right.  The Experian hack was a couple of years ago: https://www.theguardian.com/business/2015/oct/01/experian-hack-t-mobile-credit-checks-personal-infor...

Community Veteran
Posts: 5,237
Thanks: 1,321
Fixes: 31
Registered: 16-10-2014

Re: Email and password on sale on darkweb

Even then that hack was only in the USA and limited to T-Mobile Credit Checks, so I don't think this will be related to the OPs issue.

Community Veteran
Posts: 38,460
Thanks: 1,027
Fixes: 62
Registered: 15-06-2007

Re: Email and password on sale on darkweb

this is a quick check - just put in your username https://haveibeenpwned.com/

Superuser
Superuser
Posts: 2,763
Thanks: 470
Fixes: 5
Registered: 06-04-2007

Re: Email and password on sale on darkweb

Yes @Mook.  As I said earlier I was just working from memory, so obviously mis-remembered the details

Plusnet Help Team
Plusnet Help Team
Posts: 5,330
Thanks: 486
Fixes: 181
Registered: 01-01-2012

Re: Email and password on sale on darkweb

Fix

We take the responsibility of protecting our customers’ data extremely seriously and as a result have thoroughly investigated these claims. We can guarantee that the compromise of your email address was absolutely not from Plusnet. With regards to the password, Experian shouldn’t be able to tell if it is compromised as this would mean they know it. Our security team would be happy to chat to you about online safety and we have messaged you separately to discuss how we can help you.

If this post resolved your issue please click the 'This fixed my problem' button
 Matthew Wheeler
 Plusnet Help Team
Nimblebimble
Newbie
Posts: 4
Thanks: 6
Registered: 03-01-2018

Re: Email and password on sale on darkweb

Hi Matthew 

 

Experian don't have knowledge of the password, judging from the report sent to me by them, neither does the person selling the information.

Yes, basic online security was observed, no reusing passwords, or storing on devices.

I would like to say a big huge thanks to those who spent time investigating this issue, along with the very knowledgeable gentleman who phoned me to clarify the issue, with the findings of the investigation.

 

Very hugely appreciated